Strip subdomains from session cookie host

Matt-Yorkley
2021-09-01 23:21:52 +01:00
parent fd8de65749
commit dc8939c35f
2 changed files with 9 additions and 3 deletions


@@ -39,7 +39,7 @@ module Openfoodnetwork
SessionCookieUpgrader, {
old_key: "_session_id",
new_key: "_ofn_session_id",
domain: "." + ENV["SITE_URL"].delete_prefix("www.")
domain: ".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
}
) if Rails.env.staging? || Rails.env.production?


@@ -3,9 +3,15 @@
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rails generate session_migration")
domain = if Rails.env.staging? || Rails.env.production?
".#{ENV['SITE_URL'].gsub(/^(www\.)|^(app\.)|^(staging\.)|^(stg\.)/, '')}"
else
:all
end
Openfoodnetwork::Application.config.session_store(
:active_record_store,
key: "_ofn_session_id",
domain: :all,
tld_length: 2
domain: domain
)
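Review bot: The trust boundary created by the computed `domain` is not documented: in staging and production `_ofn_session_id` is scoped to the parent domain, so the browser sends it to every host under that domain and any of those hosts can set or overwrite it. Because `staging.` and `stg.` are stripped as well, a staging instance and a production instance under the same parent would, as far as this hunk shows, use the same cookie name and domain, clobbering each other's sessions and exposing production session ids to the staging host. I would add a comment above the assignment, `# Session cookie is shared with every host under the parent domain; all of them must be equally trusted.` It may also be worth taking the cookie domain from an explicit per-instance setting rather than deriving it from SITE_URL, which would also avoid an invalid domain if SITE_URL ever carries a scheme or port.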