mirror of https://github.com/tootsuite/mastodon
6f3d934bc1
CSRF-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.

- controllers
- fabricators
- features
- fixtures
- helpers
- lib
- mailers
- models
- policies
- presenters
- requests
- routing
- services
- support
- validators
- views
- workers
- rails_helper.rb
- spec_helper.rb