forked from fedi/mastodon
e79f8dd85c
* Enable secure cookie flag for https only * Disable force_ssl for .onion hosts only Co-authored-by: Aiden McClelland <me@drbonez.dev>
11 lines
192 B
Ruby
11 lines
192 B
Ruby
SecureHeaders::Configuration.default do |config|
|
|
config.cookies = {
|
|
secure: true,
|
|
httponly: true,
|
|
samesite: {
|
|
lax: true
|
|
}
|
|
}
|
|
config.csp = SecureHeaders::OPT_OUT
|
|
end
|