From d07e692f3c5a132c785adde08dd1d58412b3ac97 Mon Sep 17 00:00:00 2001
From: Sergio Oliveira
Date: Thu, 23 Apr 2015 13:44:00 -0300
Subject: [PATCH] Set _remote_user to HTTP Only
---
 lib/omniauth/strategies/remote_user.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/omniauth/strategies/remote_user.rb b/lib/omniauth/strategies/remote_user.rb
index 6984d2e..96a7014 100644
--- a/lib/omniauth/strategies/remote_user.rb
+++ b/lib/omniauth/strategies/remote_user.rb
@@ -48,7 +48,7 @@ module OmniAuth
 request = Rack::Request.new(env)
 response = redirect_if_not_logging_in(request,_auth_path(request) )
 if response
- response.set_cookie(options.internal_cookie, {value: uid , path: "#{request.script_name}"})
+ response.set_cookie(options.internal_cookie, {value: uid, path: "#{request.script_name}", httponly: true})
 response.finish
 end
 end
-- 
libgit2 0.21.2
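Review bot: The cookie written on the `+` line still has no `secure` attribute, so HttpOnly keeps page scripts from reading it but the uid can still be sent over plain HTTP if the application is reachable that way; consider `{value: uid, path: request.script_name, httponly: true, secure: request.ssl?}`. The value is the raw `uid`, and the code that reads this cookie back is not visible here; if it is ever treated as proof of identity it presumably needs an integrity check such as a signed value, because HttpOnly does not stop a client from editing its own cookie. The interpolation in `"#{request.script_name}"` is redundant for a value that is already a string. The enclosing method begins outside the hunk, so how `uid` is obtained cannot be checked from these lines.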