Sha256: ace7fa102a30b70580c64dd24ea9d5c8eeb5a3cb955122bffdedc9c43a966cb9
Contents?: true
Size: 1.34 KB
Versions: 3
Compression:
Stored size: 1.34 KB
Contents
## Cookies

SecureHeaders supports `Secure`, `HttpOnly` and [`SameSite`](https://tools.ietf.org/html/draft-west-first-party-cookies-07) cookies. These can be defined in the form of a boolean, or as a Hash for more refined configuration.

__Note__: Regardless of the configuration specified, Secure cookies are only enabled for HTTPS requests.

#### Boolean-based configuration

Boolean-based configuration is intended to globally enable or disable a specific cookie attribute.

```ruby
config.cookies = {
  secure: true, # mark all cookies as Secure
  httponly: false, # do not mark any cookies as HttpOnly
}
```

#### Hash-based configuration

Hash-based configuration allows for fine-grained control.

```ruby
config.cookies = {
  secure: { except: ['_guest'] }, # mark all but the `_guest` cookie as Secure
  httponly: { only: ['_rails_session'] }, # only mark the `_rails_session` cookie as HttpOnly
}
```

#### SameSite cookie configuration

SameSite cookies permit either `Strict` or `Lax` enforcement mode options.

```ruby
config.cookies = {
  samesite: {
    strict: true # mark all cookies as SameSite=Strict
  }
}
```

`Strict`, `Lax`, and `None` enforcement modes can also be specified using a Hash.

```ruby
config.cookies = {
  samesite: {
    strict: { only: ['_rails_session'] },
    lax: { only: ['_guest'] },
    none: { only: ['_tracking'] },
  }
}
```
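
The boolean and `only`/`except` selection rules described above, modelled as a stand-alone Ruby sketch for auditing which attributes a given cookie would receive. This is an added example, not SecureHeaders' own code: the helper names `applies?`, `samesite_for` and `flag_cookie`, the `https:` parameter, the sample cookie values, and the choice to leave an attribute that is already present untouched are assumptions made for illustration.

```ruby
# Added example: a stand-alone model of the cookie rules in this document.
# It does not load or call the secure_headers gem.

# Does `rule` (true/false, {only: [...]} or {except: [...]}) cover cookie `name`?
def applies?(rule, name)
  case rule
  when true, false, nil then rule == true
  when Hash
    return rule[:only].include?(name) if rule.key?(:only)
    return !rule[:except].include?(name) if rule.key?(:except)
    false
  else
    raise ArgumentError, "unsupported rule: #{rule.inspect}"
  end
end

# First SameSite mode whose rule covers `name`, or nil when none does.
def samesite_for(rules, name)
  return nil unless rules
  { strict: "Strict", lax: "Lax", none: "None" }.each do |key, label|
    return label if applies?(rules[key], name)
  end
  nil
end

# Append the configured attributes to one Set-Cookie value.
# `https` models the note above: Secure is only added on HTTPS requests.
def flag_cookie(set_cookie, config, https:)
  name = set_cookie.split("=", 2).first.strip
  present = set_cookie.split(";").drop(1).map { |attr| attr.strip.downcase }
  parts = [set_cookie]
  parts << "Secure" if https && applies?(config[:secure], name) && !present.include?("secure")
  parts << "HttpOnly" if applies?(config[:httponly], name) && !present.include?("httponly")
  mode = samesite_for(config[:samesite], name)
  parts << "SameSite=#{mode}" if mode && present.none? { |attr| attr.start_with?("samesite") }
  parts.join("; ")
end

# Constructed configuration combining the Hash forms shown in this document.
CONFIG = {
  secure: { except: ["_guest"] },
  httponly: { only: ["_rails_session"] },
  samesite: { strict: { only: ["_rails_session"] }, lax: { only: ["_guest"] }, none: { only: ["_tracking"] } },
}.freeze

# Constructed sample Set-Cookie values.
["_rails_session=abc; path=/", "_guest=1; path=/", "_tracking=xyz; path=/"].each do |cookie|
  puts flag_cookie(cookie, CONFIG, https: true)
end
```

Running the same cookies with `https: false` shows which of them lose `Secure` on plain HTTP requests while keeping their other attributes.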
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
secure_headers-3.9.0 | docs/cookies.md |
secure_headers-3.8.0 | docs/cookies.md |
secure_headers-3.7.4 | docs/cookies.md |