From 80ac93faba31a961b0b92b3cbd592cd6a171fd56 Mon Sep 17 00:00:00 2001
From: Doug Martin <dmartin@concord.org>
Date: Tue, 19 Dec 2023 14:15:10 -0500
Subject: [PATCH] fix: Development logins

---
 rails/config/application.rb                | 2 +-
 rails/config/initializers/session_store.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rails/config/application.rb b/rails/config/application.rb
index 8ace19d0af..bf99ac1e79 100644
--- a/rails/config/application.rb
+++ b/rails/config/application.rb
@@ -177,7 +177,7 @@ class Application < Rails::Application
 
     # Specify cookies SameSite protection level: either :none, :lax, or :strict.
     # When running tests, we want to use lax protection (breaks cucumber tests otherwise)
-    same_site_protection = (Rails.env.cucumber? || Rails.env.test? || Rails.env.feature_test?) ? :lax : :none
+    same_site_protection = (Rails.env.development? || Rails.env.cucumber? || Rails.env.test? || Rails.env.feature_test?) ? :lax : :none
     config.action_dispatch.cookies_same_site_protection = same_site_protection
 
     # Allow requests from any domain (skips DNS rebinding attack guards)
diff --git a/rails/config/initializers/session_store.rb b/rails/config/initializers/session_store.rb
index ee8b802d73..2d52ca8438 100644
--- a/rails/config/initializers/session_store.rb
+++ b/rails/config/initializers/session_store.rb
@@ -7,5 +7,5 @@
 # (create the session table with "rails generate session_migration")
 
 # For testing environments, we don't use SSL and can't set cookie to secure.
-secure = !(Rails.env.cucumber? || Rails.env.test? || Rails.env.feature_test?)
+secure = !(Rails.env.development? || Rails.env.cucumber? || Rails.env.test? || Rails.env.feature_test?)
 RailsPortal::Application.config.session_store :active_record_store, :key => '_rails_portal_session', secure: secure