From a49920931b62738223ccfc72a2451d3cc32892a0 Mon Sep 17 00:00:00 2001
From: farhatahmad
Date: Wed, 31 Jan 2024 16:28:57 -0500
Subject: [PATCH] Added secure flag to cookies and enabled HSTS

---
 config/environments/production.rb                    |  3 +++
 config/initializers/session_store.rb                 | 12 +++++++++---
 ...3_add_default_recording_visibility_to_settings.rb |  3 +++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 9f91ad5db7..49b7048fd3 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -159,4 +159,7 @@
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
+
+  # Enable HSTS in production mode
+  config.ssl_options = { hsts: { preload: true, expires: 1.year, subdomains: true } }
 end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 02e5f6e023..aa0e8f3e2a 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -17,8 +17,14 @@
 # frozen_string_literal: true
 
 if ENV['LOADBALANCER_ENDPOINT'].present?
-  Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session', domain: ENV.fetch('SESSION_DOMAIN_NAME', nil),
-                                         path: ENV.fetch('RELATIVE_URL_ROOT', '/')
+  Rails.application.config.session_store :cookie_store,
+                                         key: '_greenlight-3_0_session',
+                                         domain: ENV.fetch('SESSION_DOMAIN_NAME', nil),
+                                         secure: Rails.env.production?,
+                                         path: ENV.fetch('RELATIVE_URL_ROOT', '/')
 else
-  Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session', path: ENV.fetch('RELATIVE_URL_ROOT', '/')
+  Rails.application.config.session_store :cookie_store,
+                                         key: '_greenlight-3_0_session',
+                                         secure: Rails.env.production?,
+                                         path: ENV.fetch('RELATIVE_URL_ROOT', '/')
 end
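Review bot: `config.ssl_options` is only consumed by `ActionDispatch::SSL`, which Rails inserts when `config.force_ssl` is true, so the HSTS header this hunk adds depends on a setting that lives outside the hunk — confirm force_ssl is on in production, and note that if it is environment-controlled, HSTS silently disappears with it. With `subdomains: true` and `preload: true` the policy also reaches every subdomain of the deployment's host and is phrased for submission to the browser preload list, which is hard to walk back, so a self-hosted operator sharing a parent domain with plain-HTTP services may want these two knobs configurable rather than fixed. The added comment could carry the dependency: `# Enable HSTS in production mode (sent only when config.force_ssl is true; subdomains/preload apply site-wide)`.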
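Review bot: `secure: Rails.env.production?` in both branches keys the cookie's Secure attribute on the environment name rather than on whether the deployment actually serves HTTPS; a production instance reached over plain HTTP (for example with TLS deliberately turned off) would receive a session cookie the browser never returns, and every login would appear to fail without any error. Tying the value to the same switch that drives `config.force_ssl` (outside this file) or at least documenting the expectation beside the option would make that coupling visible. As a point of style, the two branches now differ only in `domain:`, so the options can be built once and the conditional reduced to the one differing key, which also keeps the Secure decision in a single place.
```ruby
# Session cookie options; Secure is expected to match the deployment's HTTPS setup.
session_options = {
  key: '_greenlight-3_0_session',
  secure: Rails.env.production?,
  path: ENV.fetch('RELATIVE_URL_ROOT', '/')
}
session_options[:domain] = ENV.fetch('SESSION_DOMAIN_NAME', nil) if ENV['LOADBALANCER_ENDPOINT'].present?

Rails.application.config.session_store :cookie_store, **session_options
```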
diff --git a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb
index 1968e4cf44..0ff135c4b8 100644
--- a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb
+++ b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb
@@ -4,6 +4,9 @@ class AddDefaultRecordingVisibilityToSettings < ActiveRecord::Migration[7.1]
   def up
     setting = Setting.create!(name: 'DefaultRecordingVisibility')
     SiteSetting.create!(setting:, value: 'Published', provider: 'greenlight')
+    Tenant.each do |tenant|
+      SiteSetting.create!(setting:, value: 'Published', provider: tenant.name)
+    end
   end
 
   def down
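Review bot: `Tenant.each do |tenant|` will raise `NoMethodError` if `Tenant` is an ordinary ActiveRecord model like the `Setting` and `SiteSetting` used beside it, because `ActiveRecord::Base` does not delegate `each` to its relation; use `Tenant.find_each do |tenant|` (batched) or `Tenant.all.each do |tenant|`. This data migration carries a December 2023 timestamp, so installs that already ran it will presumably not pick up the new per-tenant rows from an in-place edit — a fresh data migration looks like the safer vehicle, and `down` (outside the hunk) would then need to remove the per-tenant rows as well. The change is also unrelated to the cookie/HSTS subject of the commit and would be easier to review on its own.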