hamptonmoore
/
mastodon
forked from treehouse/mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7,598 Commits
7 Branches
0 Tags
179 MiB
Commit Graph

4 Commits (6ad76069096005d7b55d9c63a567f843997a8068)

Author SHA1 Message Date
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626) 
CSFR-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
 2018-09-08 23:54:28 +02:00
Naoki Kosaka 8d51ce4290 Fix enforce HTTPS in production. (#6180) 2018-01-05 20:04:22 +01:00
Eugen Rochko 9467b900a2 Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY, 
add permissive CORS to API controllers
 2016-11-02 12:58:15 +01:00
Eugen Rochko 9c4856bdb1 Initial commit 2016-02-20 22:53:20 +01:00