Commit b9435737 authored by Nicolás Alvarez's avatar Nicolás Alvarez
Browse files

ansible: Disable secure cookies for the CSRF cookie too

We don't have SSL in the dev environment. I had already disabled secure
cookies for the PHP session cookie (session.cookie_secure), but Yii's
CSRF cookie still had the secure flag.
parent 928ef402
......@@ -44,7 +44,8 @@ return array(
'request' => array(
'enableCookieValidation' => true,
'enableCsrfValidation' => true,
'csrfCookie' => array('secure' => true, 'httpOnly' => true),
// We have no SSL in development
'csrfCookie' => array('secure' => false, 'httpOnly' => true),
),
'securityManager' => array(
'cryptAlgorithm' => 'rijndael-256',
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment