samesite session

2025-02-17 11:04:22 +01:00 · 2019-12-23 19:20:24 -05:00 · 2019-12-23 19:20:24 -05:00 · b2724c0de8
commit b2724c0de8
parent 20c521e67b
2 changed files with 2 additions and 1 deletions
--- a/lib/philomena_web/endpoint.ex
+++ b/lib/philomena_web/endpoint.ex
@ -40,6 +40,7 @@ defmodule PhilomenaWeb.Endpoint do
  # Set :encryption_salt if you would also like to encrypt it.
  plug Plug.Session,
    store: :cookie,
+    extra: "SameSite=Lax",
    key: "_philomena_key",
    signing_salt: "signed cookie",
    encryption_salt: "authenticated encrypted cookie"
--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@ -15,7 +15,7 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
  end

  def call(conn, [csp_value: csp_value]) do
-    Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
+    Conn.put_resp_header(conn, "content-security-policy", csp_value)
  end

  defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()