"headers" is provided by Rails, Rack can't rely on it
# Monkey-patch ActionDispatch to serve secure cookies to Tor Hidden Service
# users. Otherwise, ActionDispatch would drop the cookie over HTTP.
def write_cookie?(*)
- request.headers['Host'].ends_with?('.onion') || super
+ request.host.ends_with?('.onion') || super
end
end
end
module Rack
module SessionPersistedExtensions
def security_matches?(request, options)
- request.headers['Host'].ends_with?('.onion') || super
+ request.host.ends_with?('.onion') || super
end
end
end