From b47721a02d3fdfb1b6a565df29c85e7c51d8c490 Mon Sep 17 00:00:00 2001 From: Adam Mathes Date: Sat, 14 Feb 2026 11:02:38 -0800 Subject: feat: add secure_cookies configuration option\n\n- Added SecureCookies bool field to config.Settings\n- Added --secure-cookies command line flag\n- Updated CSRFMiddleware to use config setting instead of hardcoded value\n- Default is false for local development, set to true for production HTTPS\n- Updated config.example and README.md with documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis allows users to easily switch between insecure cookies (for local dev)\nand secure cookies (for production HTTPS) via config file or command line. --- cmd/neko/main.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'cmd') diff --git a/cmd/neko/main.go b/cmd/neko/main.go index 47385b1..106a22e 100644 --- a/cmd/neko/main.go +++ b/cmd/neko/main.go @@ -27,7 +27,7 @@ func main() { } func Run(args []string) error { - var help, update, verbose, proxyImages bool + var help, update, verbose, proxyImages, secureCookies bool var configFile, dbfile, newFeed, export, password string var port, minutes int @@ -63,6 +63,8 @@ func Run(args []string) error { f.BoolVar(&proxyImages, "imageproxy", false, "rewrite and proxy all image requests") f.BoolVar(&proxyImages, "i", false, "rewrite and proxy all image requests (short)") + f.BoolVar(&secureCookies, "secure-cookies", false, "set Secure flag on cookies (requires HTTPS)") + f.BoolVar(&verbose, "verbose", false, "verbose output") f.BoolVar(&verbose, "v", false, "verbose output (short)") @@ -110,6 +112,10 @@ func Run(args []string) error { config.Config.ProxyImages = proxyImages } + if secureCookies != false { + config.Config.SecureCookies = secureCookies + } + models.InitDB() if update { -- cgit v1.2.3