mirror of https://github.com/tootsuite/mastodon
6f3d934bc1
CSFR-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site. |
||
|---|---|---|
| .. | ||
| controllers | ||
| fabricators | ||
| features | ||
| fixtures | ||
| helpers | ||
| lib | ||
| mailers | ||
| models | ||
| policies | ||
| presenters | ||
| requests | ||
| routing | ||
| services | ||
| support | ||
| validators | ||
| views | ||
| workers | ||
| rails_helper.rb | ||
| spec_helper.rb | ||