From b47721a02d3fdfb1b6a565df29c85e7c51d8c490 Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 11:02:38 -0800
Subject: feat: add secure_cookies configuration option\n\n- Added
 SecureCookies bool field to config.Settings\n- Added --secure-cookies command
 line flag\n- Updated CSRFMiddleware to use config setting instead of
 hardcoded value\n- Default is false for local development, set to true for
 production HTTPS\n- Updated config.example and README.md with
 documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis
 allows users to easily switch between insecure cookies (for local dev)\nand
 secure cookies (for production HTTPS) via config file or command line.

---
 config.example | 1 +
 1 file changed, 1 insertion(+)

(limited to 'config.example')

diff --git a/config.example b/config.example
index 8aa0ed3..b302cf0 100644
--- a/config.example
+++ b/config.example
@@ -3,3 +3,4 @@ http: 9001
 imageproxy: true
 minutes: 90
 password: VeryLongRandomStringBecauseSecurityIsFun
+# secure_cookies: true  # Set to true when using HTTPS in production
-- 
cgit v1.2.3