| -rw-r--r-- | config/config.exs | 3 | ||||
| -rw-r--r-- | lib/pleroma/web/endpoint.ex | 6 | 
2 files changed, 7 insertions, 2 deletions
diff --git a/config/config.exs b/config/config.exs
index 3dd8ef284..d88a56adf 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -32,7 +32,8 @@ config :pleroma, Pleroma.Web.Endpoint,
   protocol: "https",
   secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
   render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
-  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2]
+  pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
+  secure_cookie_flag: true
 # Configures Elixir's Logger
 config :logger, :console,
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 1e5ac2721..955bd61f3 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -49,7 +49,11 @@ defmodule Pleroma.Web.Endpoint do
     Plug.Session,
     store: :cookie,
     key: "_pleroma_key",
-    signing_salt: "CqaoopA2"
+    signing_salt: "CqaoopA2",
+    http_only: true,
+    secure:
+      Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
+    extra: "SameSite=Strict"
   )
   plug(Pleroma.Web.Router)  |
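Review bot: `secure_cookie_flag: true` lands in the base config with no comment saying what it controls or when it may be switched off. Because config.exs is the shared base, an instance served over plain HTTP (local development, for example) would presumably stop getting its session cookie back from the browser unless an environment file overrides the key, and no such override is visible in this diff. I would add a comment above the key, for instance `# Sends the session cookie with the Secure attribute; set to false only when the instance is served over plain HTTP`, and set the value explicitly in the dev and test configs. The config block starts above the hunk, so any related setting earlier in the file is not visible here.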
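Review bot: The new `secure:` option fails open, because `Keyword.get(:secure_cookie_flag)` returns nil when the endpoint config has no such key and the session cookie is then issued without the Secure attribute and without any warning. Giving the lookup a safe default, `|> Keyword.get(:secure_cookie_flag, true)`, keeps HTTPS instances covered if the key is ever missing from the effective config. The expression also sits inside the `plug(...)` options, which Plug.Builder normally evaluates when the module is compiled, so a value changed after the build is likely not picked up; a one-line comment saying so would spare operators a confusing debugging session. `extra: "SameSite=Strict"` withholds the cookie on cross-site navigations, so it is worth confirming that no login or OAuth redirect flow depends on the session arriving from another origin. The enclosing module continues outside the hunk.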
