about summary refs log tree commit diff
path: root/lib/action_dispatch
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2021-02-11 23:47:05 +0100
committerGitHub <noreply@github.com>2021-02-11 23:47:05 +0100
commit21fb3f3684782628319a0d6339dd9fd446c2b673 (patch)
tree029bcaeb2658ca28524661f451abe88c28a289e0 /lib/action_dispatch
parenteb23f985928f5d394209475ad4308a4d20dfb5f2 (diff)
Drop dependency on secure_headers, fix response headers (#15712)
* Drop dependency on secure_headers, use always_write_cookie instead

* Fix cookies in Tor Hidden Services by moving configuration to application.rb

* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
Diffstat (limited to 'lib/action_dispatch')
-rw-r--r--lib/action_dispatch/cookie_jar_extensions.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb
new file mode 100644
index 000000000..44c39c1f8
--- /dev/null
+++ b/lib/action_dispatch/cookie_jar_extensions.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  module CookieJarExtensions
+    private
+
+    # Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
+    # users. Otherwise, ActionDispatch would drop the cookie over HTTP.
+    def write_cookie?(*)
+      request.headers['Host'].ends_with?('.onion') || super
+    end
+  end
+end
+
+ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)