From 0c9fb36c9124193f298d9b9dab16c1d80432f272 Mon Sep 17 00:00:00 2001
From: hiromi-mi
Date: Sun, 7 Jun 2020 20:12:13 +0900
Subject: [PATCH] Set Secure Flag On Cookie When Served As HTTPS

See also: https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options
---
 app.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app.py b/app.py
index 23f2864..4debba9 100644
--- a/app.py
+++ b/app.py
@@ -93,6 +93,9 @@ app.register_blueprint(blueprints.indieauth.blueprint)
 app.register_blueprint(blueprints.tasks.blueprint)
 app.register_blueprint(blueprints.well_known.blueprint)
 app.config.update(WTF_CSRF_CHECK_DEFAULT=False)
+
+app.config.update(SESSION_COOKIE_SECURE=True if config.SCHEME == "https" else False)
+
 csrf.init_app(app)
 
 logger = logging.getLogger(__name__)
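Review bot: The added `app.config.update(...)` line fails open, because any `config.SCHEME` value that is not the exact lowercase string `"https"` (different casing or stray whitespace, say) silently leaves the session cookie without the Secure flag. How `config.SCHEME` is parsed is not visible in this hunk, so either confirm it is normalised where it is loaded or compare with `config.SCHEME.lower() == "https"`. The `True if ... else False` wrapper is redundant; `app.config.update(SESSION_COOKIE_SECURE=config.SCHEME == "https")` is equivalent. The Flask page linked in the commit message also recommends `SESSION_COOKIE_SAMESITE="Lax"`, which this change does not set. Note too that `SESSION_COOKIE_SECURE` covers only Flask's own session cookie, so any cookie the app sets through `response.set_cookie` would need `secure=True` passed separately.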