Merge pull request #1403 from 18F/margolis-1915-lax-cookie
Set SameSite=Lax to fix OIDC CSP issue
zachmargolis committed Apr 26, 2017
1 parent 52e6baf commit 51c570c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion config/initializers/secure_headers.rb
Expand Up @@ -45,7 +45,7 @@
secure: true, # mark all cookies as "Secure"
httponly: true, # mark all cookies as "HttpOnly"
samesite: {
strict: true # mark all cookies as SameSite=Strict.
lax: true # SameSite setting.
},
}
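
Review bot: the comment on the new `lax: true` line, "# SameSite setting.", no longer says what the setting does or why it was relaxed, while the line it replaces documented the behaviour ("mark all cookies as SameSite=Strict"). Suggest something like "# mark all cookies as SameSite=Lax; Strict broke the OIDC flow", with a pointer to the issue, so nobody later tightens it back to Strict without knowing what breaks. Also note that this block applies to all cookies, as the `secure` and `httponly` comments above it say: under Lax every cookie is sent on top-level cross-site GET navigations, so it is worth confirming that no state-changing action is reachable by GET and that CSRF tokens still cover the rest. If only the session cookie has to survive the cross-site redirect, scoping Lax to that cookie and keeping Strict for the others would narrow the change.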
