Mark all cookies as Secure, and the cookies which are not
modified client side as HttpOnly.
map._object);
$.removeCookie("_osm_location");
map._object);
$.removeCookie("_osm_location");
- $.cookie("_osm_location", OSM.locationCookie(map), { expires: expiry, path: "/" });
+ $.cookie("_osm_location", OSM.locationCookie(map), { secure: true, expires: expiry, path: "/" });
});
if ($.cookie("_osm_welcome") !== "hide") {
});
if ($.cookie("_osm_welcome") !== "hide") {
$(".welcome .close").on("click", function () {
$(".welcome").removeClass("visible");
$(".welcome .close").on("click", function () {
$(".welcome").removeClass("visible");
- $.cookie("_osm_welcome", "hide", { expires: expiry, path: "/" });
+ $.cookie("_osm_welcome", "hide", { secure: true, expires: expiry, path: "/" });
});
var bannerExpiry = new Date();
});
var bannerExpiry = new Date();
$("#banner").hide();
e.preventDefault();
if (cookieId) {
$("#banner").hide();
e.preventDefault();
if (cookieId) {
- $.cookie(cookieId, "hide", { expires: bannerExpiry, path: "/" });
+ $.cookie(cookieId, "hide", { secure: true, expires: bannerExpiry, path: "/" });
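Review bot: The `secure: true` literal is now repeated by hand at each `$.cookie` write shown here (`_osm_location`, `_osm_welcome`, the banner `cookieId`) and again for `_osm_directions_engine` in the directions hunk, so a future call site that forgets it silently produces a weaker cookie. A shared options object, for example `OSM.cookieDefaults = { secure: true, path: "/" };` merged in with `$.extend({ expires: expiry }, OSM.cookieDefaults)`, would keep the attribute set in one place. Browsers also discard a Secure cookie written from a page loaded over plain HTTP, so if any deployment is still reachable that way (not visible from this page) these preferences will stop persisting and the welcome box and banner will reappear on every load. A short comment next to the options stating that the site is expected to be HTTPS-only would record that assumption. The handlers these lines sit in start and end outside the hunks.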
select.on("change", function (e) {
chosenEngine = engines[e.target.selectedIndex];
select.on("change", function (e) {
chosenEngine = engines[e.target.selectedIndex];
- $.cookie("_osm_directions_engine", chosenEngine.id, { expires: expiry, path: "/" });
+ $.cookie("_osm_directions_engine", chosenEngine.id, { secure: true, expires: expiry, path: "/" });
getRoute(true, true);
});
getRoute(true, true);
});
csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
-cookie_policy = {
- :secure => SecureHeaders::OPT_OUT,
- :httponly => SecureHeaders::OPT_OUT
-}
-
SecureHeaders::Configuration.default do |config|
config.hsts = SecureHeaders::OPT_OUT
SecureHeaders::Configuration.default do |config|
config.hsts = SecureHeaders::OPT_OUT
config.csp = SecureHeaders::OPT_OUT
config.csp_report_only = SecureHeaders::OPT_OUT
end
config.csp = SecureHeaders::OPT_OUT
config.csp_report_only = SecureHeaders::OPT_OUT
end
-
- config.cookies = cookie_policy
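Review bot: Removing `cookie_policy` and `config.cookies = cookie_policy` means the cookie flags now come entirely from the secure_headers gem's built-in defaults, and nothing in this initializer says so. Those defaults apply to every cookie the application sets, while the commit message promises HttpOnly only for cookies that are not modified client side. If the server ever sets one of the `_osm_*` cookies that the scripts read through `$.cookie`, it would become invisible to them; that is worth checking against the controllers, which are not shown here. I would leave a comment in place of the removed lines, such as `# Cookie flags (Secure, HttpOnly) are left at the secure_headers defaults; do not opt out here.`, so the behaviour does not depend on the reader knowing the gem. The exact defaults vary with the gem version, so pinning them explicitly in `config.cookies` is the more robust alternative.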