From bbf88361be4032c2bb84a07222fd9dc23373dde3 Mon Sep 17 00:00:00 2001
From: Johan Mulder
Date: Thu, 5 Sep 2019 11:53:16 +0200
Subject: [PATCH] Fixed invalid default value for SESSION_DOMAIN

As from commit 522cbd4dd735d5341b00cb797c23099e4a6714d9 the default value for SESSION_DOMAIN is now set to "apc" if it's not supplied. This will lead to CSRF token validation failures as described on https://github.com/CachetHQ/Cachet/issues/2741#issuecomment-528282078 With this commit the SESSION_DOMAIN will just be empty when not explicitly configured.
---
 entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 5fd333f1..b13a4cb5 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -104,7 +104,7 @@ initialize_system() {
 CACHE_DRIVER=${CACHE_DRIVER:-apc}
 SESSION_DRIVER=${SESSION_DRIVER:-apc}
- SESSION_DOMAIN=${SESSION_DOMAIN:-apc}
+ SESSION_DOMAIN=${SESSION_DOMAIN:-}
 SESSION_SECURE_COOKIE=${SESSION_SECURE_COOKIE:-}
 QUEUE_DRIVER=${QUEUE_DRIVER:-database}
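Review bot: The new `SESSION_DOMAIN=${SESSION_DOMAIN:-}` line carries no comment explaining why the default must stay empty, and the previous `apc` value looks like exactly the kind of copy-paste from the neighbouring driver defaults that an uncommented line invites again. I would add above it `# Empty by default: leaves the session cookie domain unset; a domain that does not match the served host breaks CSRF token validation (CachetHQ/Cachet#2741).` The body of `initialize_system` continues outside this hunk, so how the value is written into the application config is not visible here. It is worth confirming that an empty string ends up as an unset cookie domain rather than a literal placeholder. Operators who do set it should also know that a parent domain shares the session cookie with sibling subdomains.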