Commit b3453c49 authored by Benjamin Neff, committed by Dennis Schubert

make session-cookie HttpOnly

closes #7041
parent 28dd8854
......@@ -3,6 +3,7 @@
## Refactor
* Indicate proper way to report bugs in the sidebar [#7039](https://github.com/diaspora/diaspora/pull/7039)
* Remove text color from notification mails and fix sender avatar [#7054](https://github.com/diaspora/diaspora/pull/7054)
* Make the session cookies HttpOnly again [#7041](https://github.com/diaspora/diaspora/pull/7041)
## Bug fixes
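Review bot: the new entry "Make the session cookies HttpOnly again" is filed under "## Refactor", but it changes a security property of the session cookie rather than restructuring code. Move it under "## Bug fixes" (or a security heading, if the changelog has one) so that pod administrators reading the release notes see it as a fix that affects them.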
......
# Be sure to restart your server when you modify this file.
Diaspora::Application.config.session_store :cookie_store, key: '_diaspora_session', httponly: false
Diaspora::Application.config.session_store :cookie_store, key: "_diaspora_session", httponly: true
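Review bot: no spec accompanies the switch to `httponly: true` on the `session_store` line, and the changelog wording "again" suggests this flag has regressed before. Add a request spec asserting that the `Set-Cookie` header for `_diaspora_session` carries the `HttpOnly` attribute, so that a later edit to this initializer cannot silently make the session cookie readable from script. The line as shown also sets no `secure:` option; if HTTPS-only delivery of the cookie is not enforced elsewhere in the configuration, set it here as well.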