How can I make cookies secure (https-only) by default in rails?

不知归路 2021-02-01 14:34

In a Rails controller, I can set a cookie like this:

cookies[:foo] = "bar"

And specify that the "secure" (https-only) flag be on like this:

8 Answers
  •  误落风尘
    2021-02-01 15:21

    Thanks @knx, you sent me down the right path. Here's the monkeypatch I came up with, which seems to be working:

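    # Wrap set_cookie so every cookie is written with the Secure flag.
    class ActionController::Response
      def set_cookie_with_security(key, value)
        # Accept a bare value or an options hash (including Hash subclasses),
        # and copy it so the caller's hash is not modified.
        value = value.is_a?(Hash) ? value.dup : { :value => value }
        value[:secure] = true
        set_cookie_without_security(key, value)
      end
      alias_method_chain :set_cookie, :security
    end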
    

    What do you think?
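
An alternative to patching the response class, added here as an example that is not from the question or the answer above: a Rack middleware that appends the Secure attribute to every outgoing `Set-Cookie` header. `SecureCookies`, `SAMPLE_APP` and `demo_headers` are hypothetical names, and the sample cookies are constructed.

```ruby
# Added example: Rack middleware that appends the Secure attribute to every
# Set-Cookie header on the way out. SecureCookies is a hypothetical name.
class SecureCookies
  HEADER_NAMES = ["Set-Cookie", "set-cookie"].freeze # Rack 2 / Rack 3 casing

  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    HEADER_NAMES.each do |name|
      headers[name] = flag_all(headers[name]) if headers[name]
    end
    [status, headers, body]
  end

  # Rack 2 joins multiple cookies with "\n" in one String; Rack 3 uses an Array.
  def flag_all(value)
    return value.map { |c| flag(c) } if value.is_a?(Array)
    value.split("\n").map { |c| flag(c) }.join("\n")
  end

  # Append "; secure" unless the attribute is already present (any case).
  # The name=value pair is skipped so a value like "theme=secure" does not count.
  def flag(cookie)
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    attrs.include?("secure") ? cookie : "#{cookie}; secure"
  end
end

# Constructed sample app standing in for a Rails application.
SAMPLE_APP = lambda do |_env|
  cookies = "foo=bar; path=/\nsid=abc123; path=/; HttpOnly; Secure"
  [200, { "Content-Type" => "text/plain", "Set-Cookie" => cookies }, ["ok"]]
end

# Returns the response headers after the middleware has run.
def demo_headers
  SecureCookies.new(SAMPLE_APP).call({})[1]
end
```

In Rails 3 and later, `config.middleware.insert_before ActionDispatch::Cookies, SecureCookies` places it where it sees cookies from every controller. Over plain HTTP, such as a development server, browsers will not send cookies flagged this way back.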
