From 8fff3c04e3f6a08f2347d714f4a431ab9d1a6ba2 Mon Sep 17 00:00:00 2001
From: Guy Halse <guy@tenet.ac.za>
Date: Thu, 15 Dec 2016 21:30:25 +0200
Subject: [PATCH] Allow the language cookie to be secured

---
 config-templates/config.php        | 2 ++
 lib/SimpleSAML/Locale/Language.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config-templates/config.php b/config-templates/config.php
index 209137dc9..65f9c1fe1 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -656,6 +656,8 @@ $config = array(
     'language.cookie.name' => 'language',
     'language.cookie.domain' => null,
     'language.cookie.path' => '/',
+    'language.cookie.secure' => false,
+    'language.cookie.httponly' => false,
     'language.cookie.lifetime' => (60 * 60 * 24 * 900),
 
     /*
diff --git a/lib/SimpleSAML/Locale/Language.php b/lib/SimpleSAML/Locale/Language.php
index 43fae43e3..939bcba35 100644
--- a/lib/SimpleSAML/Locale/Language.php
+++ b/lib/SimpleSAML/Locale/Language.php
@@ -412,7 +412,8 @@ class Language
             'lifetime' => ($config->getInteger('language.cookie.lifetime', 60 * 60 * 24 * 900)),
             'domain'   => ($config->getString('language.cookie.domain', null)),
             'path'     => ($config->getString('language.cookie.path', '/')),
-            'httponly' => false,
+            'secure'   => ($config->getBoolean('language.cookie.secure', false)),
+            'httponly' => ($config->getBoolean('language.cookie.httponly', false)),
         );
 
         HTTP::setCookie($name, $language, $params, false);
-- 
GitLab