Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706)

author: SagePtr <sageptr@gmail.com> 2018-08-14 22:16:37 +0200
committer: Lauris BH <lauris@nix.lv> 2018-08-14 23:16:37 +0300
commit: 0449330dbce812e67f3309c11e265eb6a5bc0c7e (patch)
tree: 92669658438500567ad0c5805708807d9a5d79aa /routers/user/setting/profile.go
parent: ca112f0a04ea7f4fdb8e6dc1e83e293a598abc50 (diff)
download: gitea-0449330dbce812e67f3309c11e265eb6a5bc0c7e.tar.gz
gitea-0449330dbce812e67f3309c11e265eb6a5bc0c7e.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/user/setting/profile.go b/routers/user/setting/profile.go
index 6a2eacd09d..09073498f8 100644
--- a/routers/user/setting/profile.go
+++ b/routers/user/setting/profile.go
@@ -103,7 +103,7 @@ func ProfilePost(ctx *context.Context, form auth.UpdateProfileForm) {
 	}
 
 	// Update the language to the one we just set
-	ctx.SetCookie("lang", ctx.User.Language, nil, setting.AppSubURL)
+	ctx.SetCookie("lang", ctx.User.Language, nil, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 
 	log.Trace("User settings updated: %s", ctx.User.Name)
 	ctx.Flash.Success(i18n.Tr(ctx.User.Language, "settings.update_profile_success"))
author	SagePtr <sageptr@gmail.com>	2018-08-14 22:16:37 +0200
committer	Lauris BH <lauris@nix.lv>	2018-08-14 23:16:37 +0300
commit	0449330dbce812e67f3309c11e265eb6a5bc0c7e (patch)
tree	92669658438500567ad0c5805708807d9a5d79aa /routers/user/setting/profile.go
parent	ca112f0a04ea7f4fdb8e6dc1e83e293a598abc50 (diff)
download	gitea-0449330dbce812e67f3309c11e265eb6a5bc0c7e.tar.gz gitea-0449330dbce812e67f3309c11e265eb6a5bc0c7e.zip