From aec5f4b3a5d433092bc072b9b889f6697b4050a2 Mon Sep 17 00:00:00 2001
From: Ming Deng <mingflycash@gmail.com>
Date: Sat, 12 Dec 2020 23:24:39 +0800
Subject: [PATCH] remove flag of XSRF cookie

---
 server/web/context/context.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/web/context/context.go b/server/web/context/context.go
index 53ed3d01..930c14a4 100644
--- a/server/web/context/context.go
+++ b/server/web/context/context.go
@@ -149,7 +149,8 @@ func (ctx *Context) XSRFToken(key string, expire int64) string {
 		token, ok := ctx.GetSecureCookie(key, "_xsrf")
 		if !ok {
 			token = string(utils.RandomCreateBytes(32))
-			ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "", true, true)
+			// TODO make it configurable
+			ctx.SetSecureCookie(key, "_xsrf", token, expire, "", "")
 		}
 		ctx._xsrfToken = token
 	}