mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-30 07:32:39 +01:00
Update session config to match laravel
Includes option to set secure cookies via env. Closes #817
parent
9f4c64a676
commit
77727e7e50
@ -135,7 +135,7 @@ return [
|
||||
|
|
||||
*/
|
||||
|
||||
'domain' => null,
|
||||
'domain' => env('SESSION_DOMAIN', null),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
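Review bot: the new `SESSION_DOMAIN` lookup on the `'domain'` line arrives without documentation; this hunk changes only that one line and leaves the comment block above it as it was. A value such as a parent domain makes the session cookie visible to every sibling subdomain, so a short note on scope next to the option, or wherever the other env options are listed, would help operators choose a value. The explicit `null` default is also redundant, since `env()` already returns null when the variable is unset; `env('SESSION_DOMAIN')` reads the same.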
@ -148,6 +148,34 @@ return [
|
||||
|
|
||||
*/
|
||||
|
||||
'secure' => false,
|
||||
'secure' => env('SESSION_SECURE_COOKIE', false),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| HTTP Access Only
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Setting this value to true will prevent JavaScript from accessing the
|
||||
| value of the cookie and the cookie will only be accessible through
|
||||
| the HTTP protocol. You are free to modify this option if needed.
|
||||
|
|
||||
*/
|
||||
|
||||
'http_only' => true,
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Same-Site Cookies
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This option determines how your cookies behave when cross-site requests
|
||||
| take place, and can be used to mitigate CSRF attacks. By default, we
|
||||
| do not enable this as other CSRF protection services are in place.
|
||||
|
|
||||
| Supported: "lax", "strict"
|
||||
|
|
||||
*/
|
||||
|
||||
'same_site' => null,
|
||||
|
||||
];
|
||||
|
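Review bot: on the `'secure'` line the fallback stays `false`, so an instance served over HTTPS keeps issuing the session cookie without the Secure attribute unless the operator knows to set `SESSION_SECURE_COOKIE=true`. Consider documenting the variable alongside the other env options, and noting that it must stay false on plain-HTTP installs, because a Secure cookie is never sent back over HTTP and sessions would not persist. Separately, `'same_site'` is added as a hardcoded `null` while `'domain'` and `'secure'` become env-driven; if that is intentional the comment's "By default, we do not enable this" covers it, otherwise give it an env lookup too.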