mirror of https://github.com/tootsuite/mastodon
6f3d934bc1
CSRF-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.

| Name |
|---|
| environments |
| initializers |
| locales |
| webpack |
| application.rb |
| boot.rb |
| brakeman.ignore |
| database.yml |
| deploy.rb |
| environment.rb |
| i18n-tasks.yml |
| navigation.rb |
| puma.rb |
| routes.rb |
| secrets.yml |
| settings.yml |
| sidekiq.yml |
| themes.yml |
| webpacker.yml |