如何在Firefox中默认情况下使Cookie安全(仅限https)? [英] How can I make cookies secure (https-only) by default in rails?
本文介绍了如何在Firefox中默认情况下使Cookie安全(仅限https)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在Rails控制器中,我可以设置如下的Cookie:
In a Rails controller, I can set a cookie like this:
cookies[:foo] = "bar"
并指定安全(仅限https)标志如下:
And specify that the "secure" (https-only) flag be on like this:
cookies[:foo, :secure => true] = "bar"
:secure
默认情况下为false。
:secure
is false by default. How can I have cookies be secure by default, application-wide?
这是在Rails 2.3.8上的
This is on Rails 2.3.8
推荐答案
感谢@knx,你把我送到了正确的道路。这是我想出的monkeypatch,它似乎是工作:
Thanks @knx, you sent me down the right path. Here's the monkeypatch I came up with, which seems to be working:
class ActionController::Response
def set_cookie_with_security(key, value)
value = { :value => value } if Hash != value.class
value[:secure] = true
set_cookie_without_security(key, value)
end
alias_method_chain :set_cookie, :security
end
你觉得怎么样?
这篇关于如何在Firefox中默认情况下使Cookie安全(仅限https)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文