mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-30 07:32:39 +01:00
Update session config to match laravel
Includes option to set secure cookies via env. Closes #817
This commit is contained in:
parent
9f4c64a676
commit
77727e7e50
@ -135,7 +135,7 @@ return [
|
|||||||
|
|
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'domain' => null,
|
'domain' => env('SESSION_DOMAIN', null),
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
@ -148,6 +148,34 @@ return [
|
|||||||
|
|
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
'secure' => false,
|
'secure' => env('SESSION_SECURE_COOKIE', false),
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| HTTP Access Only
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| Setting this value to true will prevent JavaScript from accessing the
|
||||||
|
| value of the cookie and the cookie will only be accessible through
|
||||||
|
| the HTTP protocol. You are free to modify this option if needed.
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'http_only' => true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
| Same-Site Cookies
|
||||||
|
|--------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| This option determines how your cookies behave when cross-site requests
|
||||||
|
| take place, and can be used to mitigate CSRF attacks. By default, we
|
||||||
|
| do not enable this as other CSRF protection services are in place.
|
||||||
|
|
|
||||||
|
| Supported: "lax", "strict"
|
||||||
|
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
'same_site' => null,
|
||||||
|
|
||||||
];
|
];
|
||||||
|
Loading…
Reference in New Issue
Block a user