scalie-business
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
mastodon/lib/action_dispatch/cookie_jar_extensions.rb

26 lines
656 B
Ruby
Raw Normal View History

Drop dependency on secure_headers, fix response headers (#15712) * Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00
# frozen_string_literal: true
module ActionDispatch
module CookieJarExtensions
private
# Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
# users. Otherwise, ActionDispatch would drop the cookie over HTTP.
def write_cookie?(*)
replace all instances of "ends_with?" with "end_with?" (#15745) The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method. Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
request.host.end_with?('.onion') || super
Drop dependency on secure_headers, fix response headers (#15712) * Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00
end
end
end
ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
Monkey patch Rack::Session to send secure cookies to onions (#15725)
2021-02-14 00:10:52 +01:00
module Rack
module SessionPersistedExtensions
def security_matches?(request, options)
replace all instances of "ends_with?" with "end_with?" (#15745) The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method. Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00
request.host.end_with?('.onion') || super
Monkey patch Rack::Session to send secure cookies to onions (#15725)
2021-02-14 00:10:52 +01:00
end
end
end
Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions)