Rails and Devise: check the "Safe flag" box when requesting via HTTPS, do not set the "Safe" flag if you do not request it via HTTPS

Question

Rails and Devise: check the "Safe flag" box when requesting via HTTPS, do not set the "Safe" flag if you do not request it via HTTPS

I am running a Rails 4.2 application that launches a dual stack: SSL and Non-SSL. I would like to set a security flag for cookies when a resource is requested via HTTPS, and I want to leave a flag when a resource is requested via simple HTTP.

Is there a way to achieve this in Rails (session cookies, cookies sent manually in code)? And especially when using Devise with the ability to remember.

+4

ruby-on-rails cookies https devise

ckruse Sep 08 '15 at 20:13

source share

1 answer

Confusion · Answer 1 · 2016-11-10T14:35:17+0000

, , , , https://github.com/mobalean/devise_ssl_session_verifiable , ( cookie http + https, cookie https, -, , https.

Rails and Devise: check the "Safe flag" box when requesting via HTTPS, do not set the "Safe" flag if you do not request it via HTTPS

More articles: