feat: add secure_cookies configuration option\n\n- Added SecureCookies bool field to config.Settings\n- Added --secure-cookies command line flag\n- Updated CSRFMiddleware to use config setting instead of hardcoded value\n- Default is false for local development, set to true for production HTTPS\n- Updated config.example and README.md with documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis allows users to easily switch between insecure cookies (for local dev)\nand secure cookies (for production HTTPS) via config file or command line.

1 files changed, 7 insertions, 1 deletions

diff --git a/cmd/neko/main.go b/cmd/neko/main.go
index 47385b1..106a22e 100644
--- a/cmd/neko/main.go
+++ b/cmd/neko/main.go
@@ -27,7 +27,7 @@ func main() {
 }
 
 func Run(args []string) error {
-	var help, update, verbose, proxyImages bool
+	var help, update, verbose, proxyImages, secureCookies bool
 	var configFile, dbfile, newFeed, export, password string
 	var port, minutes int
 
@@ -63,6 +63,8 @@ func Run(args []string) error {
 	f.BoolVar(&proxyImages, "imageproxy", false, "rewrite and proxy all image requests")
 	f.BoolVar(&proxyImages, "i", false, "rewrite and proxy all image requests (short)")
 
+	f.BoolVar(&secureCookies, "secure-cookies", false, "set Secure flag on cookies (requires HTTPS)")
+
 	f.BoolVar(&verbose, "verbose", false, "verbose output")
 	f.BoolVar(&verbose, "v", false, "verbose output (short)")
 
@@ -110,6 +112,10 @@ func Run(args []string) error {
 		config.Config.ProxyImages = proxyImages
 	}
 
+	if secureCookies != false {
+		config.Config.SecureCookies = secureCookies
+	}
+
 	models.InitDB()
 
 	if update {