From dc8939c35f70a193641c50f65aee3ea1e7fca039 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Wed, 1 Sep 2021 23:21:52 +0100 Subject: [PATCH 1/2] Strip subdomains from session cookie host --- config/application.rb | 2 +- config/initializers/session_store.rb | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/config/application.rb b/config/application.rb index c835223d4e..8d7efdcdc1 100644 --- a/config/application.rb +++ b/config/application.rb @@ -39,7 +39,7 @@ module Openfoodnetwork SessionCookieUpgrader, { old_key: "_session_id", new_key: "_ofn_session_id", - domain: "." + ENV["SITE_URL"].delete_prefix("www.") + domain: ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}" } ) if Rails.env.staging? || Rails.env.production? diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index f5e1ed786f..799c1d3986 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -3,9 +3,15 @@ # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information # (create the session table with "rails generate session_migration") + +domain = if Rails.env.staging? || Rails.env.production? + ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}" + else + :all + end + Openfoodnetwork::Application.config.session_store( :active_record_store, key: "_ofn_session_id", - domain: :all, - tld_length: 2 + domain: domain ) From 0459071ce304956afe5e2691886dc179bf8a86a5 Mon Sep 17 00:00:00 2001 From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com> Date: Thu, 2 Sep 2021 17:23:53 +0100 Subject: [PATCH 2/2] Set RAILS_ENV=test in test suite --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff47fad6ba..e4af57a5fe 100644 
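Review bot: The pattern in the new `domain:` line anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, and `gsub` replaces every match instead of a single leading prefix. `\A` with `sub` states the intent exactly: `ENV.fetch("SITE_URL").sub(/\A(?:www|app|staging|stg)\./, "")`. The same expression is repeated in the config/initializers/session_store.rb hunk, and the cookie upgrader and the session store have to agree on the domain, so one shared helper or constant would keep the two from drifting apart. The enclosing `insert_before` call begins outside this hunk.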
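Review bot: Stripping `app.`, `staging.` and `stg.` in the new `domain =` assignment scopes the session cookie to the parent domain, so with a SITE_URL such as `staging.example.org` (constructed example) `_ofn_session_id` is set for `.example.org` and sent to every sibling host. That would include a production instance under the same parent, which uses the same cookie key. If that sharing is not intended, strip only `www.` or give non-production environments their own key; either way, a comment above the assignment should say which hosts are expected to share the session. `ENV['SITE_URL']` is also dereferenced unguarded at boot in this initializer, so a missing variable surfaces as a NoMethodError on nil, whereas `ENV.fetch("SITE_URL")` would fail naming the variable.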
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,6 +10,7 @@ env: TIMEZONE: UTC COVERAGE: true RSPEC_RETRY_RETRY_COUNT: 3 + RAILS_ENV: test jobs: test-controllers-and-serializers: