Commit

Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers (#9819)
moritzheiber authored and Gargron committed Jan 15, 2019
1 parent a12f6d1 commit ecf40d0
Showing 3 changed files with 1 addition and 4 deletions.
2 changes: 0 additions & 2 deletions config/initializers/devise.rb
Expand Up @@ -10,7 +10,6 @@
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
same_site: :lax,
}
end

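Review bot: the first cookie hash loses `same_site: :lax,` and nothing remains in the file to say why, so a later cleanup could restore the attribute and bring back the WebKit SSO breakage named in the commit title. Add a short comment above the hash stating that SameSite is omitted on purpose and referencing #9819. Without the attribute, browsers that do not default to Lax attach this cookie to cross-site requests again, so request-forgery protection for it rests entirely on the application's other checks.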
Expand All @@ -21,7 +20,6 @@
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
same_site: :lax,
}
else
warden.logout
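Review bot: this second hash carries the same `expires`, `httponly` and `secure` options as the one in the previous hunk and needs the identical edit, which suggests the cookie options should be defined once. Extracting them into a single method or constant used by both call sites would turn the next attribute change into a one-line diff and keep the two cookies from drifting apart.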
2 changes: 1 addition & 1 deletion config/initializers/session_store.rb
@@ -1,3 +1,3 @@
# Be sure to restart your server when you modify this file.

Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'), same_site: :lax
Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')
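Review bot: the removal of `same_site: :lax` from the `_mastodon_session` store is unconditional, so every deployment loses the attribute, including those that never use SSO. Consider keeping `:lax` as the default and omitting it only when an SSO provider is configured. If that is not practical, extend the comment at the top of this file to say the omission is deliberate and why.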
1 change: 0 additions & 1 deletion spec/rails_helper.rb
Expand Up @@ -29,7 +29,6 @@ def sign_in(resource, _deprecated = nil, scope: nil)
value: resource.activate_session(warden.request),
expires: 1.year.from_now,
httponly: true,
same_site: :lax,
}
end
end
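Review bot: the only spec change in this commit is deleting `same_site: :lax,` from the `sign_in` helper, so no test pins down which attributes the cookies are now expected to carry. A small spec asserting the attributes actually set (for example that `httponly` is still present and that no SameSite value is sent) would make a future change to them show up as a failing test rather than a silent edit.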