mastodon/config/initializers
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626)
CSRF-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
2018-09-08 23:54:28 +02:00
0_post_deployment_migrations.rb Add post-deployment migration system (#8182) 2018-08-13 13:40:01 +02:00
active_model_serializers.rb Disable AMS logging (#7623) 2018-05-26 01:08:31 +02:00
application_controller_renderer.rb
assets.rb
backtrace_silencers.rb
blacklists.rb
chewy.rb
content_security_policy.rb
cookies_serializer.rb
cors.rb
devise.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
doorkeeper.rb Add more granular OAuth scopes (#7929) 2018-07-05 18:31:35 +02:00
fast_blank.rb
filter_parameter_logging.rb
http_client_proxy.rb Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) 2018-06-29 15:36:02 +02:00
httplog.rb
inflections.rb
instrumentation.rb
kaminari_config.rb
mime_types.rb
oj.rb
omniauth.rb
open_uri_redirection.rb
ostatus.rb
pagination.rb
paperclip.rb Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423) 2018-08-25 13:27:08 +02:00
premailer_rails.rb
rack_attack.rb Add a missing question mark in rack_attack.rb (#7338) 2018-05-03 18:51:00 +02:00
rack_attack_logging.rb
redis.rb
session_activations.rb
session_store.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
sidekiq.rb
simple_form.rb
single_user_mode.rb
statsd.rb
stoplight.rb
strong_migrations.rb
suppress_csrf_warnings.rb
trusted_proxies.rb
twitter_regex.rb Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810) 2018-06-15 20:21:47 +02:00
vapid.rb
wrap_parameters.rb