Fix CSRF token cookie path

BetterErrors · Sep 24, 2020 · bb31639 · bb31639
1 parent a9d1c4b
commit bb31639
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/better_errors/middleware.rb b/lib/better_errors/middleware.rb
@@ -113,7 +113,7 @@ def show_error_page(env, exception=nil)
       response = Rack::Response.new(content, status_code, { "Content-Type" => "text/#{type}; charset=utf-8" })
 
       unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
-        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, httponly: true, same_site: :strict)
+        response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, path: "/", httponly: true, same_site: :strict)
       end
 
       # In older versions of Rack, the body returned here is actually a Rack::BodyProxy which seems to be a bug.