Use SameSite strict for cookies

2022-09-02 19:08:01 +02:00
parent 0a16f589e9
commit fe41d44548
1 changed files with 2 additions and 1 deletions
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@ -6,4 +6,5 @@ Rails.application.config.session_store :cookie_store,
  key: '_code_ocean_session',
  expire_after: 1.month,
  secure: Rails.env.production? || Rails.env.staging?,
-  path: Rails.application.config.relative_url_root
+  path: Rails.application.config.relative_url_root,
+  same_site: :strict