Fix cookies secure flag being set when served over Tor (#17992)
parent
46633f1de1
commit
6e418bf346
4 changed files with 2 additions and 30 deletions
@ -1,25 +0,0 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
module ActionDispatch |
||||
module CookieJarExtensions |
||||
private |
||||
|
||||
# Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service |
||||
# users. Otherwise, ActionDispatch would drop the cookie over HTTP. |
||||
def write_cookie?(*) |
||||
request.host.end_with?('.onion') || super |
||||
end |
||||
end |
||||
end |
||||
|
||||
ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions) |
||||
|
||||
module Rack |
||||
module SessionPersistedExtensions |
||||
def security_matches?(request, options) |
||||
request.host.end_with?('.onion') || super |
||||
end |
||||
end |
||||
end |
||||
|
||||
Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions) |
Loading…
Reference in new issue