ea1007e954
Defaults to Lax; can be disabled or set to Strict. Strict will only work if you require login and use SSO. Otherwise, when clicking on links to your site, you will appear logged out until you refresh the page.
# Session cookie store that stamps the Secure and SameSite attributes onto the
# session cookie according to site settings before handing it to the cookie jar.
#
# Everything else (serialisation, signing/encryption, expiry, HttpOnly) is left
# to the parent CookieStore and the options passed to it; this class does not
# touch those attributes.
class ActionDispatch::Session::DiscourseCookieStore < ActionDispatch::Session::CookieStore
  # @param app [#call] the wrapped Rack application
  # @param options [Hash] session store options, forwarded unchanged to the parent
  def initialize(app, options = {})
    super(app, options)
  end

  private

  # Writes the session cookie, adding transport and cross-site restrictions first.
  #
  # @param request the current request, used to look up its cookie jar
  # @param session_id unused here; kept so the signature matches the call made
  #   by the parent class (presumably the CookieStore hook -- confirm against
  #   the Rails version in use)
  # @param cookie [Hash, Object] the cookie about to be stored; only a Hash is
  #   decorated, any other value is stored as-is
  def set_cookie(request, session_id, cookie)
    if cookie.is_a?(Hash)
      # Secure is only forced when the site is configured for HTTPS. With
      # force_https off, this method adds no Secure flag, so whether the session
      # cookie may travel over plain HTTP depends on what the hash already holds.
      cookie[:secure] = true if SiteSetting.force_https

      # Any value other than the exact string "Disabled" is forwarded verbatim
      # as the SameSite attribute, so the setting itself must be restricted to
      # valid values elsewhere. Per the change description the intended values
      # are Lax (default) and Strict; Strict only works for login-required SSO
      # sites, otherwise users following a link in appear logged out until they
      # refresh.
      cookie[:same_site] = SiteSetting.same_site_cookies if SiteSetting.same_site_cookies != "Disabled"
    end

    cookie_jar(request)[@key] = cookie
  end
end