From b47721a02d3fdfb1b6a565df29c85e7c51d8c490 Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 11:02:38 -0800
Subject: feat: add secure_cookies configuration option\n\n- Added
 SecureCookies bool field to config.Settings\n- Added --secure-cookies command
 line flag\n- Updated CSRFMiddleware to use config setting instead of
 hardcoded value\n- Default is false for local development, set to true for
 production HTTPS\n- Updated config.example and README.md with
 documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis
 allows users to easily switch between insecure cookies (for local dev)\nand
 secure cookies (for production HTTPS) via config file or command line.

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'README.md')

diff --git a/README.md b/README.md
index cfaf43f..362f78c 100644
--- a/README.md
+++ b/README.md
@@ -216,6 +216,8 @@ Usage of neko:
     	minutes between crawling feeds
   -p, --password string
     	password to access web interface
+      --secure-cookies
+    	set Secure flag on cookies (requires HTTPS)
   -u, --update
     	fetch feeds and store new items
   -v, --verbose
@@ -242,6 +244,7 @@ A subset of the command line options are supported in the configuration file, wi
    * imageproxy
    * minutes
    * password
+   * secure_cookies
 
 For example --
 
@@ -251,6 +254,7 @@ http: 9001
 imageproxy: true
 minutes: 90
 password: VeryLongRandomStringBecauseSecurityIsFun
+# secure_cookies: true  # Set to true when using HTTPS in production
 
 ```
 
-- 
cgit v1.2.3