21fb3f3684
* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
16 lines
431 B
Ruby
16 lines
431 B
Ruby
# frozen_string_literal: true
|
|
|
|
module ActionDispatch
|
|
module CookieJarExtensions
|
|
private
|
|
|
|
# Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
|
|
# users. Otherwise, ActionDispatch would drop the cookie over HTTP.
|
|
def write_cookie?(*)
|
|
request.headers['Host'].ends_with?('.onion') || super
|
|
end
|
|
end
|
|
end
|
|
|
|
ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
|