Default rails generated cookies to SameSite=Lax

author Tom Hughes <tom@compton.nu>

Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)

committer Tom Hughes <tom@compton.nu>

Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)
author Tom Hughes <tom@compton.nu>
Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)
committer Tom Hughes <tom@compton.nu>
Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)
diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb

index dd27b5e201aeb03582c10b0f585cdc4961852f93..f80d838e762217a907a0753136b23b2ebc6f0d7a 100644 (file)
--- a/config/initializers/new_framework_defaults_6_1.rb
+++ b/config/initializers/new_framework_defaults_6_1.rb
@@ -23,7 +23,7 @@ Rails.application.config.active_job.skip_after_callbacks_if_terminated = true
  #
  # This change is not backwards compatible with earlier Rails versions.
  # It's best enabled when your entire app is migrated and stable on 6.1.
-# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
+Rails.application.config.action_dispatch.cookies_same_site_protection = :lax
  
  # Generate CSRF tokens that are encoded in URL-safe Base64.
  #
author	Tom Hughes <tom@compton.nu>
	Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)
committer	Tom Hughes <tom@compton.nu>
	Mon, 17 May 2021 17:39:22 +0000 (18:39 +0100)