github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-22 13:46:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: force secure cookies on session if force https is enabled

Browse Source
This commit is contained in:
Sam 2016-10-27 15:15:58 +11:00
parent 004e71a3fe
commit 9848e26190
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/initializers/100-session_store.rb
View File

@ -1,7 +1,9 @@
# Be sure to restart your server when you modify this file. # Be sure to restart your server when you modify this file.
#
require_dependency 'discourse_cookie_store'
Discourse::Application.config.session_store( Discourse::Application.config.session_store(
:cookie_store, :discourse_cookie_store,
key: '_forum_session', key: '_forum_session',
path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
) )

16
lib/discourse_cookie_store.rb Normal file
View File

@ -0,0 +1,16 @@
class ActionDispatch::Session::DiscourseCookieStore < ActionDispatch::Session::CookieStore
def initialize(app, options={})
super(app,options)
end
private
def set_cookie(request, session_id, cookie)
if Hash === cookie
if SiteSetting.force_https
cookie[:secure] = true
end
end
cookie_jar(request)[@key] = cookie
end
end