From 87c76a9a2fa95702df05e935c8eb232188df1318 Mon Sep 17 00:00:00 2001
From: shibayashi
Date: Tue, 13 Nov 2018 00:32:38 +0100
Subject: [PATCH] Add __Host- prefix when secure flag is enabled
---
 lib/pleroma/web/endpoint.ex | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 7783b8e5c..85bb4ff5f 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -46,13 +46,18 @@ defmodule Pleroma.Web.Endpoint do
 plug(Plug.MethodOverride)
 plug(Plug.Head)
 
+ cookie_name =
+ if Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+ do: "__Host-pleroma_key",
+ else: "pleroma_key"
+
 # The session will be stored in the cookie and signed,
 # this means its contents can be read but not tampered with.
 # Set :encryption_salt if you would also like to encrypt it.
 plug(
 Plug.Session,
 store: :cookie,
- key: "_pleroma_key",
+ key: cookie_name,
 signing_salt: "CqaoopA2",
 http_only: true,
 secure:
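Review bot: The `else:` branch names the cookie `"pleroma_key"`, while the removed line used `"_pleroma_key"`, so instances that never enable `secure_cookie_flag` also get a renamed cookie and lose every existing session; if that is not intended, keep `else: "_pleroma_key"`. Browsers accept a `__Host-` cookie only when it carries `Secure`, has `Path=/` and sets no `Domain`, so the name and the `secure:` option have to be driven by the same value. The expression after `secure:` lies outside the hunk, and binding the flag once and passing it to both places would stop the two from drifting apart. `cookie_name` is assigned in the module body, so it is presumably fixed at compile time; a comment such as `# Evaluated at compile time: changing :secure_cookie_flag needs a recompile` would make that visible. The `plug(Plug.Session, ...)` call continues past the end of the hunk.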