chg: [config] Force usage of secure cookie for session and csrf protection

refacto/CRUDComponent
Sami Mokaddem 2023-09-04 10:30:51 +02:00
parent 279c69c510
commit 9be8105565
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 9 additions and 0 deletions


@ -173,6 +173,14 @@ Mailer::setConfig(Configure::consume('Email'));
Log::setConfig(Configure::consume('Log')); Log::setConfig(Configure::consume('Log'));
Security::setSalt(Configure::consume('Security.salt')); Security::setSalt(Configure::consume('Security.salt'));
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_httponly' => true,
'session.cookie_secure' => true,
]
]);
/* /*
* Setup detectors for mobile and tablet. * Setup detectors for mobile and tablet.
*/ */
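Review bot: `Configure::write('Session', [...])` replaces the whole `Session` key, so any session settings loaded earlier from the application's config files (timeout, cookie name, handler) would be dropped at this point. Those files are not visible on this page, so that is worth confirming before merge. Writing a merged value keeps them, e.g. `Configure::write('Session', array_replace_recursive((array)Configure::read('Session'), $forced));` with `$forced` standing for the array added here. With `session.cookie_secure` forced on, the browser will not return the session cookie over plain HTTP, and the same holds for the CSRF cookie changed in the second file, so a comment such as `// Requires HTTPS as seen by the browser; sessions and CSRF tokens will not persist over plain HTTP` above the block would tell a deployer why logins fail on a non-TLS setup.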


@ -49,6 +49,7 @@ $routes->scope('/', function (RouteBuilder $builder) {
// Register scoped middleware for in scopes. // Register scoped middleware for in scopes.
$builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([ $builder->registerMiddleware('csrf', new CsrfProtectionMiddleware([
'httponly' => true, 'httponly' => true,
'secure' => true,
])); ]));
/* /*
* Apply a middleware to the current route scope. * Apply a middleware to the current route scope.
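Review bot: The CSRF cookie options in `registerMiddleware('csrf', ...)` now set `httponly` and `secure` but leave the SameSite attribute at the middleware's default. If the CakePHP version in use supports the `samesite` option on `CsrfProtectionMiddleware`, adding `'samesite' => 'Lax',` next to `'secure' => true,` would complete the cookie hardening this commit is aiming for. The matching session-side setting would be `'session.cookie_samesite' => 'Lax'` in the `ini` array of the first file. The enclosing route scope closure starts before and continues after this hunk, so where the middleware is applied is not visible here.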