Onion service related changes to HTTPS handling (#15560)
* Enable secure cookie flag for https only * Disable force_ssl for .onion hosts only Co-authored-by: Aiden McClelland <me@drbonez.dev>master
parent
d499bb031f
commit
e79f8dd85c
@ -0,0 +1,10 @@ |
|||||||
|
SecureHeaders::Configuration.default do |config| |
||||||
|
config.cookies = { |
||||||
|
secure: true, |
||||||
|
httponly: true, |
||||||
|
samesite: { |
||||||
|
lax: true |
||||||
|
} |
||||||
|
} |
||||||
|
config.csp = SecureHeaders::OPT_OUT |
||||||
|
end |
Loading…
Reference in new issue