diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/application.rb | 1 | ||||
| -rw-r--r-- | config/initializers/devise.rb | 4 | ||||
| -rw-r--r-- | config/initializers/session_store.rb | 2 |
3 files changed, 2 insertions, 5 deletions
diff --git a/config/application.rb b/config/application.rb index bed935ce3..a1ba71f61 100644 --- a/config/application.rb +++ b/config/application.rb @@ -40,7 +40,6 @@ require_relative '../lib/devise/two_factor_pam_authenticatable' require_relative '../lib/chewy/strategy/custom_sidekiq' require_relative '../lib/webpacker/manifest_extensions' require_relative '../lib/webpacker/helper_extensions' -require_relative '../lib/action_dispatch/cookie_jar_extensions' require_relative '../lib/rails/engine_extensions' require_relative '../lib/active_record/database_tasks_extensions' require_relative '../lib/active_record/batches' diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index b434c68fa..c55bea7a7 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -8,7 +8,6 @@ Warden::Manager.after_set_user except: :fetch do |user, warden| value: session_id, expires: 1.year.from_now, httponly: true, - secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), same_site: :lax, } end @@ -23,7 +22,6 @@ Warden::Manager.after_fetch do |user, warden| value: session_id, expires: 1.year.from_now, httponly: true, - secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), same_site: :lax, } else @@ -265,7 +263,7 @@ Devise.setup do |config| # Options to be passed to the created cookie. For instance, you can set # secure: true in order to force SSL only cookies. - config.rememberable_options = { secure: true } + config.rememberable_options = {} # ==> Configuration for :validatable # Range for password length. diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 3d9bf96fd..210964b1f 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -2,5 +2,5 @@ Rails.application.config.session_store :cookie_store, key: '_mastodon_session', - secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), + secure: false, # All cookies have their secure flag set by the force_ssl option in production same_site: :lax |