make Pleroma.Endpoint use extra_cookie_attrs in config
This commit is contained in:
parent
10096bbf2b
commit
6e26ac10a3
|
@ -58,14 +58,9 @@ defmodule Pleroma.Web.Endpoint do
|
|||
do: "__Host-pleroma_key",
|
||||
else: "pleroma_key"
|
||||
|
||||
same_site =
|
||||
if Pleroma.Config.oauth_consumer_enabled?() do
|
||||
# Note: "SameSite=Strict" prevents sign in with external OAuth provider
|
||||
# (there would be no cookies during callback request from OAuth provider)
|
||||
"SameSite=Lax"
|
||||
else
|
||||
"SameSite=Strict"
|
||||
end
|
||||
extra =
|
||||
Pleroma.Config.get([__MODULE__, :extra_cookie_attrs])
|
||||
|> Enum.join(";")
|
||||
|
||||
# The session will be stored in the cookie and signed,
|
||||
# this means its contents can be read but not tampered with.
|
||||
|
@ -77,7 +72,7 @@ defmodule Pleroma.Web.Endpoint do
|
|||
signing_salt: {Pleroma.Config, :get, [[__MODULE__, :signing_salt], "CqaoopA2"]},
|
||||
http_only: true,
|
||||
secure: secure_cookies,
|
||||
extra: same_site
|
||||
extra: extra
|
||||
)
|
||||
|
||||
# Note: the plug and its configuration is compile-time this can't be upstreamed yet
|
||||
|
|
Loading…
Reference in a new issue