From: Cecylia Bocovich <cohosh@torproject.org>
Date: Sat, 13 Feb 2021 23:10:52 +0000 (-0500)
Subject: Monkey patch Rack::Session to send secure cookies to onions (#15725)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=3447bd2f80111ce7373446182055c819a01c03b6;p=mastodon.git

Monkey patch Rack::Session to send secure cookies to onions (#15725)
---

diff --git a/lib/action_dispatch/cookie_jar_extensions.rb b/lib/action_dispatch/cookie_jar_extensions.rb
index 44c39c1f8..f7ffb6cc7 100644
--- a/lib/action_dispatch/cookie_jar_extensions.rb
+++ b/lib/action_dispatch/cookie_jar_extensions.rb
@@ -13,3 +13,13 @@ module ActionDispatch
 end
 
 ActionDispatch::Cookies::CookieJar.prepend(ActionDispatch::CookieJarExtensions)
+
+module Rack
+  module SessionPersistedExtensions
+    def security_matches?(request, options)
+      request.headers['Host'].ends_with?('.onion') || super
+    end
+  end
+end
+
+Rack::Session::Abstract::Persisted.prepend(Rack::SessionPersistedExtensions)