diff --git a/app/controllers/api/v1/invitades_controller.rb b/app/controllers/api/v1/invitades_controller.rb
index 2951b20..eb2a4f2 100644
--- a/app/controllers/api/v1/invitades_controller.rb
+++ b/app/controllers/api/v1/invitades_controller.rb
@@ -56,12 +56,13 @@ module Api
 #
 # Enviamos un token de protección CSRF
 def set_cookie
+ # TODO: Volver configurable por sitio
+ expires = ENV.fetch('COOKIE_DURATION', '30').to_i.minutes
+
 headers['Access-Control-Allow-Origin'] = return_origin
 headers['Access-Control-Allow-Credentials'] = true
 headers['Vary'] = 'Origin'
-
-# TODO: Volver configurable por sitio
-expires = ENV.fetch('COOKIE_DURATION', '30').to_i.minutes
+ headers['Cache-Control'] = "private, max-age=#{expires}, stale-while-revalidate=#{expires}"
 
 cookies.encrypted[site_id] = {
 httponly: true,
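Review bot: The new `Cache-Control` line in `set_cookie` lets the browser reuse this response for `max-age` plus an equal `stale-while-revalidate` window, so up to twice `expires`, although the response exists to deliver the encrypted cookie that the comment describes as CSRF protection. If that cookie is given the same `expires` (the options hash continues outside the hunk, so this is an assumption), a client can be answered from cache while its cookie has already lapsed, with the refresh happening only in the background. Keeping cache freshness strictly below the cookie lifetime and dropping the stale window avoids that, for example `headers['Cache-Control'] = "private, max-age=#{expires.to_i / 2}"`. The explicit `to_i` also stops relying on how the duration object stringifies when interpolated. Separately, `ENV.fetch('COOKIE_DURATION', '30').to_i` turns a non-numeric value into 0, which now also produces `max-age=0`; `Integer(ENV.fetch('COOKIE_DURATION', '30'))` would fail loudly instead.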