From 0ba34fe80fbea9ac116ef432491a7b7ffcd93330 Mon Sep 17 00:00:00 2001
From: Tom Wiesing
Date: Tue, 21 Nov 2023 13:34:21 +0100
Subject: [PATCH] Use secure cookies iff https is enabled

---
 internal/dis/component/server/server.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/internal/dis/component/server/server.go b/internal/dis/component/server/server.go
index 452376a..9b980b5 100644
--- a/internal/dis/component/server/server.go
+++ b/internal/dis/component/server/server.go
@@ -124,9 +124,7 @@ func (server *Server) Server(ctx context.Context, progress io.Writer) (public ht
 // CSRF returns a CSRF handler for the given function
 func (server *Server) csrf() func(http.Handler) http.Handler {
 var opts []csrf.Option
- if !server.Config.HTTP.HTTPSEnabled() {
- opts = append(opts, csrf.Secure(false))
- }
+ opts = append(opts, csrf.Secure(server.Config.HTTP.HTTPSEnabled()))
 opts = append(opts, csrf.SameSite(csrf.SameSiteStrictMode))
 opts = append(opts, csrf.CookieName(CSRFCookie))
 opts = append(opts, csrf.FieldName(CSRFCookieField))
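Review bot: The added `csrf.Secure(server.Config.HTTP.HTTPSEnabled())` line ties the CSRF cookie's Secure attribute to a configuration value, not to how the request actually arrived, and nothing in `csrf()` documents that dependency. If `HTTPSEnabled()` can be false while TLS is terminated in front of this server (not visible in this hunk), the cookie is issued without Secure even though clients reach the site over HTTPS. I would put a comment above the line, such as `// Secure follows the configured scheme: browsers reject Secure cookies set over plain HTTP, so it is only turned off when HTTPS is disabled.` The existing doc comment also says `CSRF ... for the given function` although the method is `csrf` and takes no arguments; `// csrf returns the CSRF protection middleware configured for this server.` would match the code. The body of `csrf()` continues past the end of the hunk, so how `opts` is finally consumed is not shown here.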