From e79f8dd85cb63125185fdf711f470c298a0b5dbc Mon Sep 17 00:00:00 2001
From: Cecylia Bocovich <cohosh@torproject.org>
Date: Wed, 10 Feb 2021 22:40:13 -0500
Subject: Onion service related changes to HTTPS handling (#15560)

* Enable secure cookie flag for https only

* Disable force_ssl for .onion hosts only

Co-authored-by: Aiden McClelland <me@drbonez.dev>
---
 config/initializers/session_store.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'config/initializers/session_store.rb')

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index e5d1be4c6..7e3471ac4 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,6 +2,5 @@
 
 Rails.application.config.session_store :cookie_store, {
   key: '_mastodon_session',
-  secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
   same_site: :lax,
 }
-- 
cgit