routers: set csrf-token security depending on COOKIE_SECURE

AleksandrBulyshchenko · AleksandrBulyshchenko · commit 409cf99da60b · 2018-05-01T00:13:51.000+03:00
Signed-off-by: Aleksandr Bulyshchenko &lt;A.Bulyshchenko@globallogic.com&gt;
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
@@ -114,6 +114,7 @@ func NewMacaron() *macaron.Macaron {
 		Secret:     setting.SecretKey,
 		Cookie:     setting.CSRFCookieName,
 		SetCookie:  true,
+		Secure:     setting.SessionConfig.Secure,
 		Header:     "X-Csrf-Token",
 		CookiePath: setting.AppSubURL,
 	}))
