Onion service related changes to HTTPS handling (#15560)

* Enable secure cookie flag for https only * Disable force_ssl for .onion hosts only Co-authored-by: Aiden McClelland <me@drbonez.dev>
2021-02-10 22:40:13 -05:00
parent d499bb031f
commit e79f8dd85c
8 changed files with 27 additions and 11 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -571,6 +571,8 @@ GEM
    scenic (1.5.4)
      activerecord (>= 4.0.0)
      railties (>= 4.0.0)
+    secure_headers (3.9.0)
+      useragent
    securecompare (1.0.0)
    semantic_range (2.3.0)
    sidekiq (6.1.3)
@ -652,6 +654,7 @@ GEM
    unf_ext (0.0.7.7)
    unicode-display_width (1.7.0)
    uniform_notifier (1.13.2)
+    useragent (0.16.10)
    warden (1.2.9)
      rack (>= 2.0.9)
    webauthn (3.0.0.alpha1)
@ -795,6 +798,7 @@ DEPENDENCIES
  ruby-progressbar (~> 1.11)
  sanitize (~> 5.2)
  scenic (~> 1.5)
+  secure_headers (~> 3.5)
  sidekiq (~> 6.1)
  sidekiq-bulk (~> 0.2.0)
  sidekiq-scheduler (~> 3.0)