Set _remote_user to HTTP Only

Sergio Oliveira
1 parent 0284e8ff
Showing 1 changed file with 1 additions and 1 deletions Show diff stats
lib/omniauth/strategies/remote_user.rb
@@ -48,7 +48,7 @@ module OmniAuth
         request = Rack::Request.new(env)
         response = redirect_if_not_logging_in(request,_auth_path(request) )
         if response
-          response.set_cookie(options.internal_cookie, {value: uid , path: "#{request.script_name}"})
+          response.set_cookie(options.internal_cookie, {value: uid, path: "#{request.script_name}", httponly: true})
           response.finish
         end
       end
...	...	@@ -48,7 +48,7 @@ module OmniAuth
48	48	request = Rack::Request.new(env)
49	49	response = redirect_if_not_logging_in(request,_auth_path(request) )
50	50	if response
51		- response.set_cookie(options.internal_cookie, {value: uid , path: "#{request.script_name}"})
	51	+ response.set_cookie(options.internal_cookie, {value: uid, path: "#{request.script_name}", httponly: true})
52	52	response.finish
53	53	end
54	54	end
...	...