Explicitly set 'http_only' to true
This commit is contained in:
parent
4656a07e9e
commit
18ad8aaecf
1 changed files with 1 additions and 0 deletions
|
@ -50,6 +50,7 @@ defmodule Pleroma.Web.Endpoint do
|
|||
store: :cookie,
|
||||
key: "_pleroma_key",
|
||||
signing_salt: "CqaoopA2",
|
||||
http_only: true,
|
||||
secure:
|
||||
Application.get_env(:pleroma, Pleroma.Web.Endpoint) |> Keyword.get(:secure_cookie_flag),
|
||||
extra: "SameSite=Strict"
|
||||
|
|
Loading…
Reference in a new issue