Skip to content

Commit

Permalink
Disable Same-Site cookie implementation to fix SSO issues on WebKit b…
Browse files Browse the repository at this point in the history 
…rowsers (mastodon#9819)
  • Loading branch information
@moritzheiber @hiyuki2578
moritzheiber authored and hiyuki2578 committed Oct 2, 2019
1 parent 8f048f8 commit d75ddc9
Show file tree
Hide file tree
Showing 3 changed files with 1 addition and 4 deletions.
2 changes: 0 additions & 2 deletions config/initializers/devise.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
same_site: :lax,
}
end

Expand All @@ -21,7 +20,6 @@
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
same_site: :lax,
}
else
warden.logout
Expand Down
2 changes: 1 addition & 1 deletion config/initializers/session_store.rb
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file.

Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), same_site: :lax
Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')
1 change: 0 additions & 1 deletion spec/rails_helper.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ def sign_in(resource, _deprecated = nil, scope: nil)
value: resource.activate_session(warden.request),
expires: 1.year.from_now,
httponly: true,
same_site: :lax,
}
end
end
Expand Down

0 comments on commit d75ddc9

Please sign in to comment.