1
0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-30 07:32:39 +01:00

Update session config to match laravel

Includes option to set secure cookies via env.
Closes #817
This commit is contained in:
Dan Brown 2018-05-20 09:38:27 +01:00
parent 9f4c64a676
commit 77727e7e50
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9

View File

@ -135,7 +135,7 @@ return [
|
*/
'domain' => null,
'domain' => env('SESSION_DOMAIN', null),
/*
|--------------------------------------------------------------------------
@ -148,6 +148,34 @@ return [
|
*/
'secure' => false,
'secure' => env('SESSION_SECURE_COOKIE', false),
/*
|--------------------------------------------------------------------------
| HTTP Access Only
|--------------------------------------------------------------------------
|
| Setting this value to true will prevent JavaScript from accessing the
| value of the cookie and the cookie will only be accessible through
| the HTTP protocol. You are free to modify this option if needed.
|
*/
'http_only' => true,
/*
|--------------------------------------------------------------------------
| Same-Site Cookies
|--------------------------------------------------------------------------
|
| This option determines how your cookies behave when cross-site requests
| take place, and can be used to mitigate CSRF attacks. By default, we
| do not enable this as other CSRF protection services are in place.
|
| Supported: "lax", "strict"
|
*/
'same_site' => null,
];