File: upgrading-to-5-0.md

ruby-secure-headers 6.3.2-2
## All cookies default to secure/httponly/SameSite=Lax

By default, *all* cookies will be marked as `SameSite=lax`, `secure`, and `httponly`. To opt out, supply `SecureHeaders::OPT_OUT` as the value for `SecureHeaders.cookies` or for the individual configs. Setting these values to `false` will raise an error.

```ruby
# specific opt outs
config.cookies = {
  secure: SecureHeaders::OPT_OUT,
  httponly: SecureHeaders::OPT_OUT,
  samesite: SecureHeaders::OPT_OUT,
}

# nuclear option, just make things work again
config.cookies = SecureHeaders::OPT_OUT
```
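
One way to see which cookies end up without these attributes after an opt-out, as an added example (not part of secure_headers or of the original guide): the script below audits `Set-Cookie` header values for the three attributes named above. The helper names and the sample headers are constructed for illustration.

```ruby
# Added example: audit Set-Cookie values for the attributes that
# secure_headers 5.0 applies by default (secure, httponly, SameSite=Lax).
# Helper names are hypothetical; this does not use the gem itself.
REQUIRED = %w[secure httponly samesite].freeze

# Parse one Set-Cookie value into [cookie_name, {attribute => value_or_true}].
# Attribute names are case-insensitive, so they are downcased.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name = pair.split("=", 2).first
  parsed = attrs.reject(&:empty?).each_with_object({}) do |attr, h|
    key, value = attr.split("=", 2)
    h[key.downcase] = value.nil? ? true : value
  end
  [name, parsed]
end

# Return {cookie_name => [problems]} for cookies that deviate from the defaults.
def audit_cookies(headers)
  headers.each_with_object({}) do |header, report|
    name, attrs = parse_set_cookie(header)
    problems = REQUIRED.reject { |a| attrs.key?(a) }.map { |a| "missing #{a}" }
    samesite = attrs["samesite"]
    if samesite.is_a?(String) && samesite.casecmp?("none")
      problems << "samesite=None is weaker than Lax"
    end
    report[name] = problems unless problems.empty?
  end
end

# Constructed sample headers, e.g. collected from responses in a test suite.
SAMPLE = [
  "_session=abc123; path=/; secure; HttpOnly; SameSite=Lax",
  "theme=dark; path=/",
  "csrf=x=y; path=/; Secure; SameSite=Strict",
  "track=1; SameSite=None; HttpOnly",
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_cookies(SAMPLE).each { |name, probs| puts "#{name}: #{probs.join(', ')}" }
end
```
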