From 8f7fadf98151511defbeb49b1a3b5e0858a4eecb Mon Sep 17 00:00:00 2001
From: Pablo Brasero
Date: Mon, 6 Oct 2025 16:57:34 +0100
Subject: [PATCH] Secure cookies only when HTTPS expected

This is particularly important if running system tests with a remote Selenium instance. HTTPS and localhost are considered "secure" for this purpose, while a remote Selenium will connect to the app with HTTP instead.
---
 app/assets/javascripts/osm.js.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/javascripts/osm.js.erb b/app/assets/javascripts/osm.js.erb
index d9b2530bf..56b6bd88e 100644
--- a/app/assets/javascripts/osm.js.erb
+++ b/app/assets/javascripts/osm.js.erb
@@ -27,7 +27,7 @@ OSM = {
 end.to_json %>,
- cookies: Cookies.withAttributes({ path: "/", samesite: "lax", secure: true }),
+ cookies: Cookies.withAttributes({ path: "/", samesite: "lax", secure: <%= (Settings.server_protocol == "https").to_json %> }),
 DEFAULT_LOCALE: <%= I18n.default_locale.to_json %>,
-- 2.39.5
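Review bot: The new `secure:` expression on the `cookies:` line fails open: any `Settings.server_protocol` value other than the exact lowercase string `"https"` (unset, `"HTTPS"`, or a default left in place on a deployment that terminates TLS at a proxy) silently drops the Secure attribute from every cookie set through `OSM.cookies`, where the old code always set it. Since the stated motivation is tests over plain HTTP, consider making the insecure case the explicit one, e.g. `secure: <%= (Settings.server_protocol != "http").to_json %>`, with a comment above it such as `// Secure is dropped only when the app is configured for plain HTTP (e.g. remote Selenium system tests)`. Because this is an ERB asset, the value is presumably fixed when assets are compiled rather than per request, so the setting in effect at precompile time is what production serves; that is worth confirming for the deploy pipeline. The `OSM` object literal starts and ends outside the hunk.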