From 80463e989384d36a952e5fdac0679bed524acad1 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Sun, 17 May 2015 10:36:21 +0200
Subject: [PATCH] Enforce the pagure cookie to be over https

---
 roles/pagure/templates/pagure.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/pagure/templates/pagure.cfg b/roles/pagure/templates/pagure.cfg
index 8fc0cc5505..2d3af707f3 100644
--- a/roles/pagure/templates/pagure.cfg
+++ b/roles/pagure/templates/pagure.cfg
@@ -117,7 +117,7 @@ PAGURE_AUTH = 'fas'
 # This may be set to False when testing your application but should always
 # be set to True in production.
 # Default: ``True``.
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True
 
 # The name of the cookie used to store the session id.
 # Default: ``.pagure``.