Merge pull request #273 from aleksei-burlakov/http-only
Enable HttpOnly secure flag by default
aleksei-burlakov committed Nov 21, 2023
2 parents b482c8c + 37b7d69 commit 97c130d
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions hawk/app/lib/hawk/secure_cookies.rb
Expand Up @@ -17,8 +17,7 @@ def call(env)
next if cookie.blank?
next if cookie =~ /;\s*secure/i

cookie << '; Secure'
cookie << '; HttpOnly' if ENV['HAWK_COOKIE_HTTP_ONLY'] == 'true'
cookie << '; Secure ; HttpOnly'
end

headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR)
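
Review bot: The guard `next if cookie =~ /;\s*secure/i` above the new append still tests only for Secure, so a cookie that already carries Secure but not HttpOnly is skipped and never receives HttpOnly, while a cookie that already has HttpOnly but not Secure gets the attribute a second time. Consider checking and appending the two attributes independently, each behind its own case-insensitive match. The new literal `'; Secure ; HttpOnly'` also has a stray space before the second semicolon; `'; Secure; HttpOnly'` matches the usual attribute formatting. Finally, `HAWK_COOKIE_HTTP_ONLY` is now silently ignored, so any documentation or deployment configuration that sets it should be updated to say that HttpOnly is always applied.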