This repository has been archived by the owner on Feb 13, 2020. It is now read-only.

upgrading-to-5-0.md

All cookies default to secure/httponly/SameSite=Lax

By default, all cookies will be marked as SameSite=Lax, secure, and httponly. To opt out, supply SecureHeaders::OPT_OUT as the value for SecureHeaders.cookies or the individual configs. Setting these values to false will raise an error.

```ruby
# specific opt outs
config.cookies = {
  secure: SecureHeaders::OPT_OUT,
  httponly: SecureHeaders::OPT_OUT,
  samesite: SecureHeaders::OPT_OUT,
}

# nuclear option, just make things work again
config.cookies = SecureHeaders::OPT_OUT
```
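The sketch below is an added illustration of the semantics described above, not code from the secure_headers gem: it shows how the defaults, per-attribute opt-outs, the global opt-out and the rejected `false` value affect a `Set-Cookie` header. The module `CookieDefaultsDemo`, its local `OPT_OUT` stand-in, and the sample header values are all assumptions made for the example.

```ruby
# Added illustration; not the secure_headers implementation.
# OPT_OUT here is a local stand-in for SecureHeaders::OPT_OUT.
module CookieDefaultsDemo
  OPT_OUT = :opt_out
  DEFAULTS = { secure: true, httponly: true, samesite: "Lax" }.freeze
  ATTRS = { secure: "secure", httponly: "HttpOnly", samesite: "SameSite" }.freeze

  # Resolve a cookies config into the attributes that will be enforced.
  def self.effective(config = {})
    return {} if config == OPT_OUT # global opt-out: nothing is enforced
    raise ArgumentError, "use OPT_OUT, not false" if config == false

    DEFAULTS.each_with_object({}) do |(key, default), out|
      value = config.fetch(key, default)
      raise ArgumentError, "#{key}: use OPT_OUT, not false" if value == false

      out[key] = value unless value == OPT_OUT
    end
  end

  # Append each enforced attribute the Set-Cookie value does not already carry.
  def self.harden(set_cookie, config = {})
    present = set_cookie.split(";").drop(1).map do |attr|
      attr.strip.split("=", 2).first.to_s.downcase
    end
    effective(config).reduce(set_cookie) do |cookie, (key, value)|
      next cookie if present.include?(ATTRS[key].downcase)

      cookie + "; " + (value == true ? ATTRS[key] : "#{ATTRS[key]}=#{value}")
    end
  end
end

# Constructed sample header values.
puts CookieDefaultsDemo.harden("session=abc123; path=/")
puts CookieDefaultsDemo.harden("theme=dark; SameSite=Strict",
                               { httponly: CookieDefaultsDemo::OPT_OUT })
puts CookieDefaultsDemo.harden("legacy=1", CookieDefaultsDemo::OPT_OUT)
```

Running the same check over the `Set-Cookie` headers an application emits after an opt-out makes it easy to see which cookies lost `secure`, `HttpOnly` or `SameSite` as a result.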