From eabbb6bceb27dd92d99e4ad5dfa4c129198f99a2 Mon Sep 17 00:00:00 2001
From: Lakshay Kalbhor <lakshaykalbhor@gmail.com>
Date: Thu, 16 Sep 2021 12:39:10 +0530
Subject: [PATCH] feat: new flag for non https support

---
 config.go | 2 ++
 csrf.go   | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config.go b/config.go
index f4bd37e..6a6f83d 100644
--- a/config.go
+++ b/config.go
@@ -14,4 +14,6 @@ type Config struct {
 	Path string
 	// cookie domain
 	Domain string
+	// set this true for non https
+	Unsecure bool
 }
diff --git a/csrf.go b/csrf.go
index 8c9b599..db7408b 100644
--- a/csrf.go
+++ b/csrf.go
@@ -70,7 +70,7 @@ func (c *CSRF) Inject(handler fastglue.FastRequestHandler) fastglue.FastRequestH
 			Value:    value,
 			MaxAge:   c.cfg.MaxAge,
 			Path:     c.cfg.Path,
-			Secure:   true,
+			Secure:   !c.cfg.Unsecure,
 			HttpOnly: true,
 			SameSite: http.SameSite(c.cfg.SameSite),
 			Domain:   c.cfg.Domain,
@@ -152,7 +152,7 @@ func (c *CSRF) deny(r *fastglue.Request) {
 		Value:    "",
 		Expires:  fasthttp.CookieExpireDelete,
 		Path:     "/",
-		Secure:   true,
+		Secure:   !c.cfg.Unsecure,
 		HttpOnly: true,
 	}, r)