Drop dependency on secure_headers, fix response headers (#15712)

* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00 · 2021-02-11 23:47:05 +01:00 · 21fb3f3684
commit 21fb3f3684
parent eb23f98592
8 changed files with 24 additions and 16 deletions
--- a/config/initializers/makara.rb
+++ b/config/initializers/makara.rb
@ -1 +1,2 @@
 Makara::Cookie::DEFAULT_OPTIONS[:same_site] = :lax
+Makara::Cookie::DEFAULT_OPTIONS[:secure]    = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'