So I have taken over a website from a previous developer and I am not super sure how to add ‘Secure’ to the cookie.
@spec put_resp_cookie(t, binary, any(), Keyword.t()) :: t
def put_resp_cookie(%Conn{} = conn, key, value, opts \\ [])
when is_binary(key) and is_list(opts) do
%{resp_cookies: resp_cookies, scheme: scheme} = conn
{to_send_value, opts} = maybe_sign_or_encrypt_cookie(conn, key, value, opts)
cookie = [{:value, to_send_value} | opts] |> Map.new() |> maybe_secure_cookie(scheme)
resp_cookies = Map.put(resp_cookies, key, cookie)
update_cookies(%{conn | resp_cookies: resp_cookies}, &Map.put(&1, key, value))
end
defp maybe_sign_or_encrypt_cookie(conn, key, value, opts) do
{sign?, opts} = Keyword.pop(opts, :sign, false)
{encrypt?, opts} = Keyword.pop(opts, :encrypt, false)
case {sign?, encrypt?} do
{true, true} ->
raise ArgumentError,
":encrypt automatically implies :sign. Please pass only one or the other"
{true, false} ->
{Plug.Crypto.sign(conn.secret_key_base, key <> "_cookie", value, max_age(opts)), opts}
{false, true} ->
{Plug.Crypto.encrypt(conn.secret_key_base, key <> "_cookie", value, max_age(opts)), opts}
{false, false} when is_binary(value) ->
{value, opts}
{false, false} ->
raise ArgumentError, "cookie value must be a binary unless the cookie is signed/encrypted"
end
end
defp max_age(opts) do
[keys: Plug.Keys, max_age: Keyword.get(opts, :max_age, 86400)]
end
defp maybe_secure_cookie(cookie, :https), do: Map.put_new(cookie, :secure, true)
defp maybe_secure_cookie(cookie, _), do: cookie
The maybe_secure_cookie function at the end looks like it is putting it in there but I am not seeing it show up on the site when it is HTTPS.
Does anybody have any insight into this?
Thanks in advance!