mitre / vulcan

A web application to streamline the development of STIGs from SRGs
https://mitre-vulcan-prod.herokuapp.com/

Set the cookie secure flag by default #641

Open ejaronne opened 1 month ago

ejaronne commented 1 month ago

using the Ruby on Rails Framework options

vanessuniq commented 1 month ago

Just checked, Vulcan uses Devise’s rememberable module. Setting the secure flag and http only can be done by updating the devise config config/initializers/devise.rb, setting the secure attribute for the cookie as follows:

config.rememberable_options = { secure: true, httponly: true }
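One way to confirm the flags from the application's response headers, as an added example that is not part of the thread or of Vulcan's code. The header values are constructed; `_app_session` is a hypothetical session cookie name and `remember_user_token` assumes a Devise scope named `user`. `rememberable_options` only affects the remember-me cookie, so the check runs over every `Set-Cookie` header.

```ruby
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.
# All cookie names and values below are constructed sample data.

REQUIRED_FLAGS = %w[secure httponly].freeze

# Parse one Set-Cookie header value into [cookie_name, lowercased attribute names].
def parse_set_cookie(header)
  parts = header.split(';').map(&:strip).reject(&:empty?)
  name = parts.shift.to_s.split('=', 2).first
  attrs = parts.map { |part| part.split('=', 2).first.strip.downcase }
  [name, attrs]
end

# Return { cookie_name => [missing flags] } for every cookie lacking a required flag.
def missing_cookie_flags(headers, required: REQUIRED_FLAGS)
  headers.each_with_object({}) do |header, findings|
    name, attrs = parse_set_cookie(header)
    next if name.nil? || name.empty?

    missing = required - attrs
    findings[name] = missing unless missing.empty?
  end
end

# Constructed headers: neither cookie carries Secure.
SAMPLE_BEFORE = [
  '_app_session=abc123; path=/; HttpOnly; SameSite=Lax',
  'remember_user_token=eyJfcmFpbHMi; path=/; expires=Tue, 01 Jul 2025 00:00:00 GMT; HttpOnly'
].freeze

# Constructed headers: the remember-me cookie now has Secure, while the
# hypothetical session cookie, configured elsewhere, still does not.
SAMPLE_AFTER = [
  '_app_session=abc123; path=/; HttpOnly; SameSite=Lax',
  'remember_user_token=eyJfcmFpbHMi; path=/; expires=Tue, 01 Jul 2025 00:00:00 GMT; Secure; HttpOnly'
].freeze

if __FILE__ == $PROGRAM_NAME
  { 'before' => SAMPLE_BEFORE, 'after' => SAMPLE_AFTER }.each do |label, headers|
    findings = missing_cookie_flags(headers)
    puts "#{label}: #{findings.empty? ? 'all cookies flagged' : findings.inspect}"
  end
end
```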