Merge branch 'main' into glitch-soc/merge-upstream

Conflicts: - `Gemfile.lock`: Not a real conflict, just an upstream dependency udpated textually too close to a glitch-soc-only dependency. Updated dependencies like upstream. - `app/controllers/settings/preferences_controller.rb`: Upstream added settings where we had extra glitch-soc-specific settings. Added upstream's new settings. - `app/models/user.rb`: Upstream added settings where we had extra glitch-soc-specific settings. Added upstream's new settings. - `config/i18n-tasks.yml`: Not a real conflict, just a new upstream line too textually close to a glitch-soc-only line. Ported upstream's change.
author: Claire <claire.github-309c@sitedethib.com> 2022-04-08 19:53:32 +0200
committer: Claire <claire.github-309c@sitedethib.com> 2022-04-08 19:53:32 +0200
commit: ff73d43b3596d50d071fd3e6ab6f49608b62c9d1 (patch)
tree: bf8dca3a3864b013b0e55476a21fb1ad0d97c41f /config/initializers
parent: e0c39f9fad837b77373220515f078f2443ddf553 (diff)
parent: 68273a7c6d6c630b6c88764579580682e12eebce (diff)
2 files changed, 2 insertions, 4 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index b434c68fa..c55bea7a7 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -8,7 +8,6 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
     value: session_id,
     expires: 1.year.from_now,
     httponly: true,
-    secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
     same_site: :lax,
   }
 end
@@ -23,7 +22,6 @@ Warden::Manager.after_fetch do |user, warden|
       value: session_id,
       expires: 1.year.from_now,
       httponly: true,
-      secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
       same_site: :lax,
     }
   else
@@ -265,7 +263,7 @@ Devise.setup do |config|
 
   # Options to be passed to the created cookie. For instance, you can set
   # secure: true in order to force SSL only cookies.
-  config.rememberable_options = { secure: true }
+  config.rememberable_options = {}
 
   # ==> Configuration for :validatable
   # Range for password length.
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 3d9bf96fd..210964b1f 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,5 +2,5 @@
 
 Rails.application.config.session_store :cookie_store,
   key: '_mastodon_session',
-  secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+  secure: false, # All cookies have their secure flag set by the force_ssl option in production
   same_site: :lax
author	Claire <claire.github-309c@sitedethib.com>	2022-04-08 19:53:32 +0200
committer	Claire <claire.github-309c@sitedethib.com>	2022-04-08 19:53:32 +0200
commit	ff73d43b3596d50d071fd3e6ab6f49608b62c9d1 (patch)
tree	bf8dca3a3864b013b0e55476a21fb1ad0d97c41f /config/initializers
parent	e0c39f9fad837b77373220515f078f2443ddf553 (diff)
parent	68273a7c6d6c630b6c88764579580682e12eebce (diff)