From 7138b1ed27e290112678d2bb2e859f5ebfcd813d Mon Sep 17 00:00:00 2001
From: josephschorr
Date: Thu, 11 Aug 2016 17:18:10 -0400
Subject: [PATCH] Merge pull request #1712 from coreos-inc/force-session-cookie Add option to force session cookies to be non-secure
---
 app.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index f88570183..9060b38a4 100644
--- a/app.py
+++ b/app.py
@@ -87,7 +87,8 @@ if app.config['SECRET_KEY'] is None:
 
 # If the "preferred" scheme is https, then http is not allowed. Therefore, ensure we have a secure
 # session cookie.
-if app.config['PREFERRED_URL_SCHEME'] == 'https':
+if (app.config['PREFERRED_URL_SCHEME'] == 'https' and
+ not app.config.get('FORCE_NONSECURE_SESSION_COOKIE', False)):
 app.config['SESSION_COOKIE_SECURE'] = True
 
 # Load features from config.
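Review bot: The new `FORCE_NONSECURE_SESSION_COOKIE` override in the rewritten `if` lets a deployment whose preferred scheme is https run without `SESSION_COOKIE_SECURE`, and nothing in the hunk documents or surfaces that. The comment above the condition still says a secure cookie is ensured, so it should name the exception, e.g. `# Operators can opt out with FORCE_NONSECURE_SESSION_COOKIE; the session cookie may then be sent over plain http.` The flag also only skips the assignment rather than setting `SESSION_COOKIE_SECURE` to False, so a value already present in the loaded config still applies, which the word "force" does not suggest. A startup warning when the option is set would make the weakened setting visible in logs, assuming a logger is available at this point in app.py.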