docs/cookies.md in secure_headers-6.1.2 vs docs/cookies.md in secure_headers-6.2.0
- old
+ new
@@ -23,11 +23,11 @@
Boolean-based configuration is intended to globally enable or disable a specific cookie attribute. *Note: As of 4.0, you must use OPT_OUT rather than false to opt out of the defaults.*
```ruby
config.cookies = {
secure: true, # mark all cookies as Secure
- httponly: OPT_OUT, # do not mark any cookies as HttpOnly
+ httponly: SecureHeaders::OPT_OUT, # do not mark any cookies as HttpOnly
}
```
#### Hash-based configuration
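Review bot: The unchanged note above the example still tells readers to "use OPT_OUT rather than false", while the changed line now uses the qualified `SecureHeaders::OPT_OUT`. The prose and the example should name the constant the same way, so update the note to `SecureHeaders::OPT_OUT` as well. Otherwise a reader who follows the sentence rather than the code will write the bare constant. Separately, this is the first cookie example in the section and it shows HttpOnly being turned off for every cookie. Consider an inline comment saying the opt-out is shown only to illustrate the syntax, since examples like this tend to be copied verbatim.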
@@ -55,11 +55,11 @@
`Strict`, `Lax`, and `None` enforcement modes can also be specified using a Hash.
```ruby
config.cookies = {
samesite: {
- strict: { only: ['_rails_session'] },
- lax: { only: ['_guest'] },
- none: { only: ['_tracking'] },
+ strict: { only: ['session_id_duplicate'] },
+ lax: { only: ['_guest', '_rails_session', 'device_id'] },
+ none: { only: ['_tracking', 'saml_cookie', 'session_id'] },
}
}
```
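Review bot: In the `none:` line, the example now lists `'session_id'` and `'saml_cookie'` next to `'_tracking'`, and `'_rails_session'` moves from `strict` to `lax`, but nothing in the hunk says why. A cookie whose name suggests a session identifier is the last one a reader should copy into `SameSite=None` without understanding the trade-off, since `None` means the cookie is sent on cross-site requests. Add a comment on each line stating the reason for the mode (for example, that `saml_cookie` has to survive a cross-site POST back from an identity provider, if that is the intent) and explain what `'session_id_duplicate'` under `strict:` is for. It would also help to state in this section that browsers only accept `SameSite=None` on cookies that are also marked `Secure`, so this example depends on `secure: true` from the earlier block.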