Monkey patch Rack::Session to send secure cookies to onions (#15725)

author Cecylia Bocovich <cohosh@torproject.org>

Sat, 13 Feb 2021 23:10:52 +0000 (18:10 -0500)

committer GitHub <noreply@github.com>

Sat, 13 Feb 2021 23:10:52 +0000 (00:10 +0100)
author Cecylia Bocovich <cohosh@torproject.org>
Sat, 13 Feb 2021 23:10:52 +0000 (18:10 -0500)
committer GitHub <noreply@github.com>
Sat, 13 Feb 2021 23:10:52 +0000 (00:10 +0100)
diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb

index 44c39c1f8056ce7baa4efbde6fa341db50d5cb80..f7ffb6cc752bfba501cc8ddca034255b0922ef4b 100644 (file)
--- a/lib/action_dispatch/cookie_jar_extensions.rb
+++ b/lib/action_dispatch/cookie_jar_extensions.rb
@@ -13,3 +13,13 @@ module ActionDispatch
  end
  
  ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
+
+module Rack
+  module SessionPersistedExtensions
+    def security_matches?(request, options)
+      request.headers['Host'].ends_with?('.onion') || super
+    end
+  end
+end
+
+Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions)
author	Cecylia Bocovich <cohosh@torproject.org>
	Sat, 13 Feb 2021 23:10:52 +0000 (18:10 -0500)
committer	GitHub <noreply@github.com>
	Sat, 13 Feb 2021 23:10:52 +0000 (00:10 +0100)