Add option to force session cookies to be non-secure

2016-08-11 16:16:15 -04:00 · 2016-08-11 16:16:15 -04:00 · 26aa641eb0
commit 26aa641eb0
parent 4ea6f724c4
1 changed files with 2 additions and 1 deletions
--- a/app.py
+++ b/app.py
@ -87,7 +87,8 @@ if app.config['SECRET_KEY'] is None:

 # If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
 # session cookie.
-if app.config['PREFERRED_URL_SCHEME'] == 'https':
+if (app.config['PREFERRED_URL_SCHEME'] == 'https' and
+    not app.config.get('FORCE_NONSECURE_SESSION_COOKIE', False)):
  app.config['SESSION_COOKIE_SECURE'] = True

 # Load features from config.