FEATURE: add support for same site cookies

Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise, when clicking on links to your site, you will appear logged out till you refresh the page.
Sam
2017-02-23 12:01:28 -05:00
parent ad435da377
commit ea1007e954
5 changed files with 42 additions and 3 deletions


@ -162,12 +162,18 @@ class Auth::DefaultCurrentUserProvider
end
def cookie_hash(unhashed_auth_token)
{
hash = {
value: unhashed_auth_token,
httponly: true,
expires: SiteSetting.maximum_session_age.hours.from_now,
secure: SiteSetting.force_https
}
if SiteSetting.same_site_cookies != "Disabled"
hash[:same_site] = SiteSetting.same_site_cookies
end
hash
end
def make_developer_admin(user)
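Review bot: In the `if SiteSetting.same_site_cookies != "Disabled"` branch, whatever string the site setting holds is passed straight through as `hash[:same_site]`, so the only guard against an unexpected value is the setting's own enum; consider whitelisting explicitly (e.g. `if %w[Lax Strict].include?(SiteSetting.same_site_cookies)`) so a misconfigured or future value can never produce an invalid `SameSite` attribute and silently weaken the auth cookie. The Strict caveat from the commit message (appearing logged out when following external links unless login is required and SSO is used) belongs in the setting's description or a comment next to this branch, since nothing in `cookie_hash` explains why Lax is the default. Also worth confirming that the remaining changed files cover both the Lax default and the Disabled path in the auth cookie specs, as this hunk only shows the provider change.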