Roda 3.75.0 Released #343
jeremyevans
started this conversation in
General
Roda 3.75.0 Released
#343
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Roda 3.75.0 has been released!
New Features
A cookie_flags plugin has been added, for overriding, warning, or
raising for incorrect cookie flags. The plugin by default checks
whether the secure, httponly, and samesite=strict flags are set.
The default behavior is to add the appropriate flags if they are
not set, and change the samesite flag to strict if it is set to
something else. You can configure the flag checking behavior
via the :httponly, :same_site, and :secure options.
You can configure the action the plugin takes via the :action option.
The default action is to modify the flags, but the :action option can
be set to :raise, :warn, or :warn_and_modify to override the behavior.
The recommended way to use the plugin is to use it during testing,
and specify action: :raise, so you can catch places where cookies
are set with the wrong flags. Then you can fix those places to
use the correct flags, which is better than relying on the plugin
at runtime in production to fix incorrect flags.
Thanks,
Jeremy
Beta Was this translation helpful? Give feedback.
All reactions