Secure your cookies with an API for opting out

CookiesAndCream

CookiesAndCream is an extract of the cookie functionality from secure_headers. Rails has good header support but the cookie support is still lacking. Maybe one day this functionality will be added to rails core.

Note: the railtie currently isn't working (see #1) so there's a bit of manual setup for now.

Gemfile:

gem "cookies_and_cream"

A railtie will automatically insert the middleware for rails applications.

Configuration

Each cookie attribute (secure, httponly and samesite) can be configured either as a boolean or as a Hash for more fine-grained control.

Defaults

By default, all cookies get all three attributes: Secure, HttpOnly, and SameSite=Lax.

CookiesAndCream.config = {
  secure: true, # defaults to true but will be a no op on non-HTTPS requests
  httponly: true, # defaults to true
  samesite: {  # defaults to set `SameSite=Lax`
    lax: true
  }
}

Boolean-based configuration

Boolean-based configuration is intended to globally enable or disable a specific cookie attribute. Note: As of 4.0, you must use OPT_OUT rather than false to opt out of the defaults.

CookiesAndCream.config = {
  secure: true, # mark all cookies as Secure
  httponly: OPT_OUT, # do not mark any cookies as HttpOnly
}

Hash-based configuration

Hash-based configuration allows for fine-grained control.

CookiesAndCream.config = {
  secure: { except: ['_guest'] }, # mark all but the `_guest` cookie as Secure
  httponly: { only: ['_rails_session'] }, # only mark the `_rails_session` cookie as HttpOnly
}

SameSite cookie configuration

The SameSite attribute supports two enforcement modes, Strict and Lax.

CookiesAndCream.config = {
  samesite: {
    strict: true # mark all cookies as SameSite=Strict
  }
}

Strict and Lax enforcement modes can also be specified using a Hash.

CookiesAndCream.config = {
  samesite: {
    strict: { only: ['_rails_session'] },
    lax: { only: ['_guest'] }
  }
}
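To make the boolean / OPT_OUT / only / except semantics above concrete, here is an added Ruby sketch (written for this page, not the gem's own implementation) of how a Rack-style middleware can apply such a config hash to outgoing Set-Cookie headers. It assumes an `OPT_OUT` sentinel constant, treats Secure as a no-op on non-HTTPS requests (as the defaults comment states), lets Strict win over Lax when both match a cookie, and expects the Rack 2 convention of newline-joined Set-Cookie values; the `CookieFlagger` class and the sample app are constructed for the demo.

```ruby
# Added example: apply a CookiesAndCream-style config hash to Set-Cookie values.
# Not the gem's code; OPT_OUT is an assumed sentinel (the gem's constant may differ).
OPT_OUT = :opt_out

# Decide whether a cookie with this name receives an attribute, given a
# boolean, OPT_OUT, or an { only: [...] } / { except: [...] } Hash.
def attribute_applies?(setting, cookie_name)
  case setting
  when true then true
  when false, nil, OPT_OUT then false
  when Hash
    if setting.key?(:only)
      Array(setting[:only]).include?(cookie_name)
    elsif setting.key?(:except)
      !Array(setting[:except]).include?(cookie_name)
    else
      false
    end
  else
    raise ArgumentError, "unsupported cookie setting: #{setting.inspect}"
  end
end

# Resolve the SameSite mode for a cookie: "Strict", "Lax", or nil.
# Strict takes precedence when both modes match (an assumption of this sketch).
def samesite_mode(samesite, cookie_name)
  return nil unless samesite.is_a?(Hash)
  return "Strict" if attribute_applies?(samesite[:strict], cookie_name)
  return "Lax" if attribute_applies?(samesite[:lax], cookie_name)
  nil
end

# Rewrite a single Set-Cookie line. Attributes already present are kept and
# never duplicated; Secure is skipped on non-HTTPS requests.
def flag_cookie(set_cookie, config, https: true)
  parts = set_cookie.split(";").map(&:strip)
  name = parts.first.split("=", 2).first.strip
  existing = parts.drop(1).map { |a| a.split("=", 2).first.downcase }
  if https && attribute_applies?(config[:secure], name) && !existing.include?("secure")
    parts << "Secure"
  end
  if attribute_applies?(config[:httponly], name) && !existing.include?("httponly")
    parts << "HttpOnly"
  end
  mode = samesite_mode(config[:samesite], name)
  parts << "SameSite=#{mode}" if mode && !existing.include?("samesite")
  parts.join("; ")
end

# Minimal Rack-shaped middleware (no rack gem needed for this sketch).
class CookieFlagger
  def initialize(app, config)
    @app = app
    @config = config
  end

  def call(env)
    status, headers, body = @app.call(env)
    raw = headers["Set-Cookie"]
    if raw
      https = env["rack.url_scheme"] == "https"
      lines = Array(raw).flat_map { |v| v.split("\n") }
      headers["Set-Cookie"] = lines.map { |l| flag_cookie(l, @config, https: https) }.join("\n")
    end
    [status, headers, body]
  end
end

# Demo with a constructed app that sets two cookies, using the README's
# Hash-based configuration for Secure, HttpOnly and SameSite.
def demo
  app = ->(_env) { [200, { "Set-Cookie" => "_rails_session=abc; path=/\n_guest=1" }, ["ok"]] }
  config = {
    secure: { except: ['_guest'] },
    httponly: { only: ['_rails_session'] },
    samesite: { strict: { only: ['_rails_session'] }, lax: { only: ['_guest'] } }
  }
  _status, headers, _body = CookieFlagger.new(app, config).call("rack.url_scheme" => "https")
  headers["Set-Cookie"]
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Running the demo prints the session cookie with Secure, HttpOnly and SameSite=Strict appended and the guest cookie with only SameSite=Lax, which is exactly what the only/except configuration above asks for. The same helper shows the OPT_OUT behaviour: `{ secure: true, httponly: OPT_OUT }` yields Secure but no HttpOnly.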