blueb-Chuckya-fe-standalone/config/initializers/secureheaders.rb at 69c1889a6aa063bc7d3a26e4e24ae72dc409ddea - mirror/blueb-Chuckya-fe-standalone - forged synths: small private forge for synths and other aligned beings who can cook

mirror/blueb-Chuckya-fe-standalone

mirror of https://iceshrimp.dev/blueb/Chuckya-fe-standalone.git synced 2026-01-12 14:03:16 -08:00

Cecylia Bocovich e79f8dd85c

Onion service related changes to HTTPS handling (#15560 )

* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>

2021-02-11 04:40:13 +01:00

10 lines

192 B

Ruby

Raw Blame History

 SecureHeaders::Configuration.default do |config|
   config.cookies = {
     secure: true,
     httponly: true,
     samesite: {
       lax: true
     }
   }
   config.csp = SecureHeaders::OPT_OUT
 end