What's Changed
This release adds a new setting, secure_cookies. Enable it with PWP__SECURE_COOKIES=true or by setting secure_cookies: true in your settings.yml.
Enabling this security feature will put in place a few security restrictions including:
- Only send cookies over HTTPS
- Prevent JavaScript from accessing cookies
- Cookies can only be accessed in same-site requests
You can read more about the strategies employed and the attack vectors they defend against here:
https://guides.rubyonrails.org/security.html#sessions
Note that this option is disabled by default as enabling it will break those running over HTTP, on intranets and possibly those running behind some proxies.
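To confirm the three restrictions are in effect after enabling the setting, the Set-Cookie headers of a response can be audited. The following is an added example, not code from Password Pusher: the cookie names and header values are constructed, and accepting either Strict or Lax for SameSite is an assumption, since the notes above do not say which value is used.

```ruby
# Added example: audit Set-Cookie header values for the three restrictions
# listed above (HTTPS only, no JavaScript access, same-site only).
# All header values below are constructed samples, not captured output.

REQUIRED = {
  secure:    ->(attrs) { attrs.key?("secure") },
  http_only: ->(attrs) { attrs.key?("httponly") },
  # Assumption: Strict or Lax both count; SameSite=None or absent does not.
  same_site: ->(attrs) { %w[strict lax].include?(attrs["samesite"].to_s.downcase) }
}.freeze

# Parse one Set-Cookie value into [cookie_name, {attribute => value}].
# Attribute names are case-insensitive, so they are lowercased.
def parse_set_cookie(value)
  pair, *attr_parts = value.split(";").map(&:strip)
  name = pair.split("=", 2).first
  attrs = attr_parts.reject(&:empty?).to_h do |part|
    key, val = part.split("=", 2)
    [key.strip.downcase, val ? val.strip : true]
  end
  [name, attrs]
end

# Return {cookie_name => [missing restrictions]} for each failing cookie.
def audit_cookies(set_cookie_values)
  set_cookie_values.each_with_object({}) do |value, findings|
    name, attrs = parse_set_cookie(value)
    missing = REQUIRED.reject { |_, check| check.call(attrs) }.keys
    findings[name] = missing unless missing.empty?
  end
end

# Constructed sample: all three restrictions present.
SAMPLE_HARDENED = [
  "_example_session=abc123; path=/; secure; HttpOnly; SameSite=Strict"
].freeze

# Constructed sample: Secure missing on one cookie, everything on the other.
SAMPLE_DEFAULT = [
  "_example_session=abc123; path=/; HttpOnly; SameSite=Lax",
  "locale=en; path=/"
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "hardened: #{audit_cookies(SAMPLE_HARDENED).inspect}"
  puts "default:  #{audit_cookies(SAMPLE_DEFAULT).inspect}"
end
```

An empty result means every cookie in the response carries all three restrictions. Feed it the Set-Cookie values as seen by the browser, since a proxy in front of the application can alter what the client receives.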
Features
- Add a setting to use secure cookies (#3453) @ozovalihasan
Dependencies updates
- Update the version of the mission_control-jobs gem (#3461) @ozovalihasan
- Bump rqrcode from 2.2.0 to 3.1.0 (#3306) @dependabot[bot]
List of contributors
@dependabot[bot], @ozovalihasan, @pglombardo and dependabot[bot]
Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.58.0
...and go to http://localhost:5100