Skip to content

set *_COOKIE_SECURE by default

Bengfort requested to merge sec-cookie-secure into main

In !1676 (merged) I changed the default settings for cookies to be more secure. Back then I skipped *_COOKIE_SECURE because TLS is not available in development.

In the spirit of "security by default" I would like to set those by default and "unset" them for development.

Merge request reports