lib/action_dispatch/cookie_jar_extensions.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# frozen_string_literal: true

module ActionDispatch
  module CookieJarExtensions
    private

    # Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
    # users. Otherwise, ActionDispatch would drop the cookie over HTTP.
    def write_cookie?(*)
      request.host.end_with?('.onion') || super
    end
  end
end

ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)

module Rack
  module SessionPersistedExtensions
    def security_matches?(request, options)
      request.host.end_with?('.onion') || super
    end
  end
end

Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions)