Drop dependency on secure_headers, fix response headers (#15712)

* Drop dependency on secure_headers, use always_write_cookie instead * Fix cookies in Tor Hidden Services by moving configuration to application.rb * Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
author: Claire <claire.github-309c@sitedethib.com> 2021-02-11 23:47:05 +0100
committer: GitHub <noreply@github.com> 2021-02-11 23:47:05 +0100
commit: 21fb3f3684782628319a0d6339dd9fd446c2b673 (patch)
tree: 029bcaeb2658ca28524661f451abe88c28a289e0 /lib
parent: eb23f985928f5d394209475ad4308a4d20dfb5f2 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb
new file mode 100644
index 000000000..44c39c1f8
--- /dev/null
+++ b/lib/action_dispatch/cookie_jar_extensions.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  module CookieJarExtensions
+    private
+
+    # Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
+    # users. Otherwise, ActionDispatch would drop the cookie over HTTP.
+    def write_cookie?(*)
+      request.headers['Host'].ends_with?('.onion') || super
+    end
+  end
+end
+
+ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
author	Claire <claire.github-309c@sitedethib.com>	2021-02-11 23:47:05 +0100
committer	GitHub <noreply@github.com>	2021-02-11 23:47:05 +0100
commit	21fb3f3684782628319a0d6339dd9fd446c2b673 (patch)
tree	029bcaeb2658ca28524661f451abe88c28a289e0 /lib
parent	eb23f985928f5d394209475ad4308a4d20dfb5f2 (diff)