From 07dbd3da6237cb020bb7256032ee0e3b0143e5a0 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Wed, 24 Mar 2021 18:03:43 +0100
Subject: [PATCH] Secure cookies by default

---
 config-templates/config.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config-templates/config.php b/config-templates/config.php
index d7486c599..0bf9def7c 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -553,7 +553,7 @@ $config = [
      * through https. If the user can access the service through
      * both http and https, this must be set to FALSE.
      */
-    'session.cookie.secure' => false,
+    'session.cookie.secure' => true,
 
     /*
      * Set the SameSite attribute in the cookie.
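Review bot: The docblock above `'session.cookie.secure'` (it starts outside this hunk) still only says when the option "must be set to FALSE" and does not mention that the template now ships with `true`. A deployment that copies this template but is reached over plain http, or sits behind a TLS-terminating proxy that the application sees as http, will probably stop getting its session cookie back. That would likely show up as lost sessions or an error when the cookie is set, not as a configuration warning. I would add a line to the docblock such as `* Default is TRUE. Set to FALSE only if the service must also work over plain http; the session cookie is then sent unencrypted.` The same gap applies to `'language.cookie.secure'` in the second hunk, which has no comment in the visible lines.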
@@ -790,7 +790,7 @@ $config = [
     'language.cookie.name' => 'language',
     'language.cookie.domain' => null,
     'language.cookie.path' => '/',
-    'language.cookie.secure' => false,
+    'language.cookie.secure' => true,
     'language.cookie.httponly' => false,
     'language.cookie.lifetime' => (60 * 60 * 24 * 900),
     'language.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
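Review bot: `'language.cookie.samesite'`, three lines below the changed line, resolves to `'None'` whenever `canSetSameSiteNone()` is true, and current browsers only accept `SameSite=None` together with `Secure`. The two settings are therefore coupled, but the template does not say so. An operator who sets `'language.cookie.secure'` back to `false` for an http deployment would keep `SameSite=None` and have the cookie rejected. A comment above the pair would cover it: `// SameSite=None is only accepted together with Secure; if language.cookie.secure is false, set language.cookie.samesite to null.` The `$config` array starts and ends outside this hunk.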
-- 
GitLab