From b47721a02d3fdfb1b6a565df29c85e7c51d8c490 Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 11:02:38 -0800
Subject: feat: add secure_cookies configuration option\n\n- Added
 SecureCookies bool field to config.Settings\n- Added --secure-cookies command
 line flag\n- Updated CSRFMiddleware to use config setting instead of
 hardcoded value\n- Default is false for local development, set to true for
 production HTTPS\n- Updated config.example and README.md with
 documentation\n- Updated tests to pass config to CSRFMiddleware\n\nThis
 allows users to easily switch between insecure cookies (for local dev)\nand
 secure cookies (for production HTTPS) via config file or command line.

---
 web/web_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'web/web_test.go')

diff --git a/web/web_test.go b/web/web_test.go
index c6cf306..0cd2764 100644
--- a/web/web_test.go
+++ b/web/web_test.go
@@ -737,7 +737,8 @@ func TestGzipMiddlewareNonCompressible(t *testing.T) {
 }
 
 func TestCSRFMiddleware(t *testing.T) {
-	handler := CSRFMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	cfg := &config.Settings{SecureCookies: false}
+	handler := CSRFMiddleware(cfg, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	}))
 
-- 
cgit v1.2.3