travisf
Set a secure flag to a redis session key
I’ve been asked to add a secure flag to a cookie which I believe is being created as a result of this plug:
plug(
Plug.Session,
store: :redis,
# 1 day
expiration_in_seconds: 86_400
)
We are using Redbird as our adapter for Plug.Session but the cookie does not have a secure flag.
If I try adding something like: secure: true to the above plug I will get an invalid CSRF token error from Phoenix when I try to log in.
Most Liked
voltone
Your application may not be aware that requests are made over HTTPS. If TLS is terminated externally, in a load balancer or reverse proxy, Plug needs to be told to treat the request as HTTPS using a header. Plug.SSL can do that for you.
For Plug, see the Plug SSL guide for details. In Phoenix you’d typically use the force_ssl Endpoint configuration rather than Plug.SSL directly (it accepts the same options).
travisf
I started down the path of setting HTTPs locally based on the Endpoint configuration, but I think that was a bit more overhead based on our current setup. We ended up just setting secure to true in the production environment and not worrying about it locally (which I think the was the crux of my issue to begin with).
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








