Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
feist committed May 19, 2015
1 parent c843c42 commit 8982045
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions pcsd/pcsd.rb
Expand Up @@ -31,7 +31,9 @@

use Rack::Session::Cookie,
:expire_after => 60 * 60,
:secret => secret
:secret => secret,
:secure => true, # only send over HTTPS
:httponly => true # don't provide to javascript

#use Rack::SSL

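Review bot: `#use Rack::SSL` is still commented out directly below the new cookie options, so nothing in this block makes the application itself insist on HTTPS. `:secure => true` stops the browser from sending the session cookie over plain HTTP, but a client that reaches the service over HTTP will silently get no session rather than a redirect. Either enable `Rack::SSL` here or add a comment stating where TLS is enforced (for example at the listener), so the next reader does not have to guess. The value of `secret` is assigned outside this hunk; since the whole fix depends on it, a short comment next to `:secret => secret` on how it is generated and where it is stored would help review.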
Expand All @@ -45,8 +47,6 @@
also_reload 'auth.rb'
also_reload 'wizard.rb'

enable :sessions

before do
$session = session
$cookies = cookies
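Review bot: the removal of `enable :sessions` carries no comment, and it is the part of this change most likely to be undone by accident. Sinatra's `enable :sessions` installs its own session middleware, separate from the `use Rack::Session::Cookie` call above, so it would not pick up the `:secret`, `:secure` and `:httponly` options set there. Please add a one-line comment near the `use Rack::Session::Cookie` call saying that sessions are configured there and `enable :sessions` must not be re-added. Separately, the unchanged `before` block copies `session` and `cookies` into the globals `$session` and `$cookies`; if requests are ever served concurrently, those globals are shared between requests, which is worth a follow-up.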