mastodon/config/initializers
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626)
CSFR-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
2018-09-08 23:54:28 +02:00
..
0_post_deployment_migrations.rb Add post-deployment migration system (#8182) 2018-08-13 13:40:01 +02:00
active_model_serializers.rb Disable AMS logging (#7623) 2018-05-26 01:08:31 +02:00
application_controller_renderer.rb
assets.rb HTML e-mails for UserMailer (#6256) 2018-01-16 03:29:11 +01:00
backtrace_silencers.rb
blacklists.rb
chewy.rb Fix #6509: Use pull queue for chewy jobs (#6513) 2018-02-20 17:25:16 +01:00
content_security_policy.rb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
cookies_serializer.rb
cors.rb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
devise.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
doorkeeper.rb Add more granular OAuth scopes (#7929) 2018-07-05 18:31:35 +02:00
fast_blank.rb
filter_parameter_logging.rb
http_client_proxy.rb Merge HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY into ALLOW_ACCESS_TO_HIDDEN_SERVICE (#7901) 2018-06-29 15:36:02 +02:00
httplog.rb
inflections.rb
instrumentation.rb
kaminari_config.rb
mime_types.rb
oj.rb
omniauth.rb Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669) 2018-03-07 06:19:10 +01:00
open_uri_redirection.rb
ostatus.rb
pagination.rb
paperclip.rb Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423) 2018-08-25 13:27:08 +02:00
premailer_rails.rb HTML e-mails for UserMailer (#6256) 2018-01-16 03:29:11 +01:00
rack_attack.rb Add a missing question mark in rack_attack.rb (#7338) 2018-05-03 18:51:00 +02:00
rack_attack_logging.rb Log rate limit hits (#7096) 2018-04-10 01:20:18 +02:00
redis.rb
session_activations.rb Revocable sessions (#3616) 2017-06-23 18:50:53 +02:00
session_store.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
sidekiq.rb Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079) 2018-04-10 16:08:28 +02:00
simple_form.rb
single_user_mode.rb
statsd.rb
stoplight.rb Add a circuit breaker for ActivityPub deliveries (#7053) 2018-04-07 21:36:58 +02:00
strong_migrations.rb
suppress_csrf_warnings.rb Suppress CSRF token warnings (#6240) 2018-01-15 06:51:23 +01:00
trusted_proxies.rb
twitter_regex.rb Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810) 2018-06-15 20:21:47 +02:00
vapid.rb
wrap_parameters.rb