Diffstat (limited to 'config/cookies.cr')
-rw-r--r-- | config/cookies.cr | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/config/cookies.cr b/config/cookies.cr
new file mode 100644
index 0000000..8db93eb
--- /dev/null
+++ b/config/cookies.cr
@@ -0,0 +1,25 @@
+require "./server"
+
+Lucky::Session.configure do |settings|
+ settings.key = "_diskfloppydotme_session"
+end
+
+Lucky::CookieJar.configure do |settings|
+ settings.on_set = ->(cookie : HTTP::Cookie) {
+ # If ForceSSLHandler is enabled, only send cookies over HTTPS
+ cookie.secure(Lucky::ForceSSLHandler.settings.enabled)
+
+ # By default, don't allow reading cookies with JavaScript
+ cookie.http_only(true)
+
+ # Restrict cookies to a first-party or same-site context
+ cookie.samesite(:lax)
+
+ # Set all cookies to the root path by default
+ cookie.path("/")
+
+ # You can set other defaults for cookies here. For example:
+ #
+ # cookie.expires(1.year.from_now).domain("mydomain.com")
+ }
+end |
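Review bot: The Secure attribute in the `on_set` proc is taken from `Lucky::ForceSSLHandler.settings.enabled`, so the session cookie loses Secure whenever that handler is switched off. That handler's configuration is in `./server`, which is not part of this diff, so whether it is enabled in production cannot be confirmed here. A common case is TLS terminated at a reverse proxy with the in-app redirect disabled; cookies would then be issued without Secure even though the site is served over HTTPS. I would record the coupling next to the call, for example `# NOTE: Secure follows ForceSSLHandler; keep it enabled in production, including behind a TLS-terminating proxy`, and check the production value in the server config. It is also worth verifying after deploy that the `_diskfloppydotme_session` Set-Cookie header carries Secure, HttpOnly and SameSite=Lax.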