make Pleroma.Endpoint use extra_cookie_attrs in config

2019-04-15 12:33:46 +08:00 · 2019-04-15 12:33:46 +08:00 · 6e26ac10a3
parent 10096bbf2b
commit 6e26ac10a3
1 changed files with 4 additions and 9 deletions
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@ -58,14 +58,9 @@ defmodule Pleroma.Web.Endpoint do
      do: "__Host-pleroma_key",
      else: "pleroma_key"

-  same_site =
-    if Pleroma.Config.oauth_consumer_enabled?() do
-      # Note: "SameSite=Strict" prevents sign in with external OAuth provider
-      #   (there would be no cookies during callback request from OAuth provider)
-      "SameSite=Lax"
-    else
-      "SameSite=Strict"
-    end
+  extra =
+    Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
+    |> Enum.join(";")

  # The session will be stored in the cookie and signed,
  # this means its contents can be read but not tampered with.
@ -77,7 +72,7 @@ defmodule Pleroma.Web.Endpoint do
    signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
    http_only: true,
    secure: secure_cookies,
-    extra: same_site
+    extra: extra
  )

  # Note: the plug and its configuration is compile-time this can't be upstreamed yet