From de0f82598888a15fa490c495acae9290b477ac0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 30 Jul 2025 10:27:06 +0200
Subject: [PATCH] cookie session secure

---
 app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index 23a960f..f51b5ce 100644
--- a/app.py
+++ b/app.py
@@ -107,6 +107,7 @@ SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
+app.config["SESSION_COOKIE_SECURE"] = bool(app.config.get("SESSION_COOKIE_SECURE", False))
 
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
@@ -1125,7 +1126,7 @@ def system_auth():
                 "authorized",
                 AUTHORIZED_COOKIE_VALUE,
                 max_age=max_age,
-                secure=request.is_secure,
+                secure=app.config["SESSION_COOKIE_SECURE"],
             )
             return resp
         else: