cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make the TOTP cookie httponly

Browse source
This commit is contained in:
Tom Hughes 2023-08-22 21:18:45 +01:00
parent ce8f174a45
commit 0913f286fe
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/initializers/secure_headers.rb
View file

@ -28,7 +28,7 @@ csp_policy[:img_src] << Settings.trace_image_storage_url if Settings.key?(:trace
csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url) csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
cookie_policy = { cookie_policy = {
:httponly => { :only => ["_osm_session"] } :httponly => { :only => %w[_osm_session _osm_totp_token] }
} }
SecureHeaders::Configuration.default do |config| SecureHeaders::Configuration.default do |config|