Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't track the Accept-Language header by default.
Some modern browsers (e.g., Safari 12, Chrome 71) don't set the Accept-Language header for websocket requests. A mixture of requests with and without this header results in unavailable sessions in websocket handlers due to the built-in Firesheep protection. The existing default is inappropriate for any applications employing Rack sessions for websocket connections.
- Loading branch information
Showing
2 changed files
with
1 addition
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters