accept cookie httponly
- this is only used server side so prevents client reading or tampering
asmega committed Nov 13, 2024
1 parent 37e3814 commit 8df7065
Showing 2 changed files with 16 additions and 8 deletions.
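--- a/app/controllers/admin/cookies_controller.rb
+++ b/app/controllers/admin/cookies_controller.rb
@@ -2,7 +2,8 @@ class Admin::CookiesController < Admin::BaseAdminController
 def accept
 cookies.encrypted[:accept_cookies] = {
 value: {state: true, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 respond_to do |format|
@@ -14,7 +15,8 @@ def accept
 def reject
 cookies.encrypted[:accept_cookies] = {
 value: {state: false, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 respond_to do |format|
@@ -28,7 +30,8 @@ def hide
 
 cookies.encrypted[:accept_cookies] = {
 value: {state:, message: false}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 redirect_to request.env["HTTP_REFERER"]
@@ -39,7 +42,8 @@ def update
 
 cookies.encrypted[:accept_cookies] = {
 value: {state: form.accept, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 redirect_to admin_cookies_path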
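Review bot: In `hide`, `redirect_to request.env["HTTP_REFERER"]` takes its target from the Referer request header, which the client supplies and may omit; an absent header leaves the redirect with a nil target, and a cross-site value sends the browser to another host. Rails' `redirect_back(fallback_location: admin_cookies_path, allow_other_host: false)` handles both cases. The same line appears in `hide` in app/controllers/cookies_controller.rb, where `cookies_path(current_journey_routing_name)` would be the matching fallback. The body of `hide` starts above the hunk, so how `state` is derived is not visible here.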
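--- a/app/controllers/cookies_controller.rb
+++ b/app/controllers/cookies_controller.rb
@@ -4,7 +4,8 @@ class CookiesController < BasePublicController
 def accept
 cookies.encrypted[:accept_cookies] = {
 value: {state: true, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 respond_to do |format|
@@ -16,7 +17,8 @@ def accept
 def reject
 cookies.encrypted[:accept_cookies] = {
 value: {state: false, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 respond_to do |format|
@@ -30,7 +32,8 @@ def hide
 
 cookies.encrypted[:accept_cookies] = {
 value: {state:, message: false}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 redirect_to request.env["HTTP_REFERER"]
@@ -41,7 +44,8 @@ def update
 
 cookies.encrypted[:accept_cookies] = {
 value: {state: form.accept, message: true}.to_json,
-expires: 90.days.from_now
+expires: 90.days.from_now,
+httponly: true
 }
 
 redirect_to cookies_path(current_journey_routing_name)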
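Review bot: The cookie options hash is now written out in four actions here and four more in app/controllers/admin/cookies_controller.rb, so the next attribute change has to be made in eight places, and one missed copy leaves an action writing a weaker cookie. A single private helper that takes `state` and `message` and is shared by both controllers (for example through a concern) would keep `expires` and `httponly` in one place. If `config.force_ssl` is not enabled for this app, which cannot be seen from this page, `secure: true` belongs next to `httponly: true` so the cookie is never sent over plain HTTP. A short comment on that helper should also record that `httponly` only keeps page scripts from reading the cookie, while tamper protection comes from `cookies.encrypted`.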
