Limit remember cookie to httponly #87
Comments
We can update this test to include the following:

rails-authentication-from-scratch/test/controllers/sessions_controller_test.rb
Lines 34 to 47 in b3e253f

```ruby
remember_me_cookie = cookies.get_cookie("remember_token")
assert remember_me_cookie.http_only?
assert remember_me_cookie.secure?
assert_equal "Strict", remember_me_cookie.to_h["SameSite"]
```
mdchaney added a commit to mdchaney/rails-authentication-from-scratch that referenced this issue Jun 12, 2024
Asserts cookie is http_only, secure, and same-site is "strict". Closes stevepolitodesign#87.
mdchaney added a commit to mdchaney/rails-authentication-from-scratch that referenced this issue Jun 14, 2024
1. Set to "secure" in production 2. Set to HttpOnly 3. SameSite set to strict. Closes stevepolitodesign#87.
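The three attributes named in this issue can also be checked on the raw `Set-Cookie` header, outside the Rails test suite. The following is an added example, not code from this repository; the helper names (`parse_set_cookie`, `cookie_findings`, `audit_cookie`) are hypothetical and the sample headers are constructed.

```ruby
REQUIRED_SAME_SITE = "strict"

# Parse one Set-Cookie header value into name, value and a hash of
# lower-cased attribute names (flag attributes such as HttpOnly map to true).
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip).reject(&:empty?)
  name, value = pair.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split("=", 2)
    acc[key.strip.downcase] = val.nil? ? true : val.strip
  end
  { name: name, value: value, attributes: attributes }
end

# Return the list of problems for one cookie; an empty list means it passes.
# require_secure: false models a non-production (plain HTTP) environment.
def cookie_findings(header, require_secure: true)
  attrs = parse_set_cookie(header)[:attributes]
  findings = []
  findings << "missing HttpOnly" unless attrs["httponly"] == true
  findings << "missing Secure" if require_secure && attrs["secure"] != true
  same_site = attrs["samesite"]
  if same_site.nil? || same_site == true
    findings << "missing SameSite"
  elsif same_site.downcase != REQUIRED_SAME_SITE
    findings << "SameSite is #{same_site}, expected Strict"
  end
  findings
end

# Audit every header that sets the named cookie: { header => findings }.
def audit_cookie(headers, name, require_secure: true)
  headers.select { |h| parse_set_cookie(h)[:name] == name }
         .to_h { |h| [h, cookie_findings(h, require_secure: require_secure)] }
end

# Constructed sample headers (not captured from the project).
SAMPLE_HEADERS = [
  "remember_token=abc123; path=/; max-age=630720000",
  "remember_token=abc123; path=/; HttpOnly; SameSite=Lax",
  "remember_token=abc123; path=/; secure; HttpOnly; SameSite=Strict",
  "theme=dark; path=/"
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_cookie(SAMPLE_HEADERS, "remember_token").each do |header, findings|
    puts "#{findings.empty? ? 'OK  ' : 'FAIL'} #{header} #{findings.join(', ')}"
  end
end
```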
Before
rails-authentication-from-scratch/app/controllers/concerns/authentication.rb
Lines 37 to 39 in b3e253f
After
Issues
set httponly cookie