Explicitly set 'http_only' to true

shibayashi 2018-08-28 22:34:31 +02:00
parent 4656a07e9e
commit 18ad8aaecf
No known key found for this signature in database
GPG Key ID: C10662A33EB28508
1 changed files with 1 additions and 0 deletions


@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do
store: :cookie, store: :cookie,
key: "_pleroma_key", key: "_pleroma_key",
signing_salt: "CqaoopA2", signing_salt: "CqaoopA2",
http_only: true,
secure: secure:
Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag), Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
extra: "SameSite=Strict" extra: "SameSite=Strict"
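Review bot: The added `http_only: true` matches what Plug already defaults to for cookies, so it records intent rather than changing behaviour; a short comment such as `# explicit: the session cookie must never be readable from JavaScript` would stop a later cleanup from dropping it as redundant. In the same option list, `secure:` is read with `Keyword.get(:secure_cookie_flag)` and no default, so an instance whose config lacks that key presumably gets `nil` and a session cookie without the Secure attribute. Worth confirming that this fallback is intended and documenting the key next to the option, since the rest of the list is hardened explicitly. The plug call these options belong to opens and closes outside the hunk.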