jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix #4625: Cannot Sign Up on local Danbooru instance: Error ActionController::InvalidAuthenticityToken

Browse Source 
Bug: if someone ran server with RAILS_ENV=production, but tried to
access the site under http://, then logging in didn't work. This was
because we set the `secure` flag on cookies when running in the
production environment, because we assumed that in production you were
using HTTPS. If you weren't using HTTPS, then the `secure` flag
prevented session cookies from being sent under http://.

The default now is to use http:// instead of https:// for the
`canonical_url` option.

If you run a Danbooru instance, and you use HTTPS, you will have to
change the `canonical_url` config option to "https://www.mybooru.com".
This commit is contained in:
evazion
2021-04-11 16:44:12 -05:00
parent 9b0fcec7d0
commit f78d10a591
1 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
config/danbooru_default_config.rb
View File

@@ -30,17 +30,30 @@ module Danbooru
"Danbooru" "Danbooru"
end end
# The canonical hostname for the site, e.g. danbooru.donmai.us. # The public domain name of your site, e.g. "danbooru.donmai.us". If your
# site were called `www.mybooru.com`, then you would set this to "www.mybooru.com"
#
# By default, this is set to the machine hostname. You can use `hostnamectl`
# to change the machine hostname.
#
# You can set this to "localhost" if your site doesn't have a public domain name.
def hostname def hostname
Socket.gethostname Socket.gethostname
end end
# The canonical root url for the site (e.g. https://danbooru.donmai.us). # The URL of your site, e.g. https://danbooru.donmai.us.
# Images will be served from this URL by default. Change this to http:// if #
# you don't support HTTPS. Protip: use ngrok.com for easy HTTPS support # If you support HTTPS, change this to "https://www.mybooru.com". If you set
# during development. # this to https://, then you *must* use https:// to access your site. You can't
# use http:// because in HTTPS mode session cookies won't be sent over HTTP.
#
# Images will be served from this URL by default. See the `base_url` option
# for the `storage_manager` below if you want to serve images from a
# different domain.
#
# Protip: use ngrok.com for easy HTTPS support during development.
def canonical_url def canonical_url
"https://#{Danbooru.config.hostname}" "http://#{Danbooru.config.hostname}"
end end
# Contact email address of the admin. # Contact email address of the admin.