From dc6e970a7f668a9030aff44100682b3a17dc6346 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 7 Nov 2021 12:41:29 +0100
Subject: [PATCH] handle HTTP too

---
 core/admin/mailu/sso/views/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/sso/views/base.py b/core/admin/mailu/sso/views/base.py
index c11c588a..831949e7 100644
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -38,7 +38,7 @@ def login():
             flask.session.regenerate()
             flask_login.login_user(user)
             response = flask.redirect(destination)
-            response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=True, httponly=True)
+            response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=app.config['SESSION_COOKIE_SECURE'], httponly=True)
             flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip}.')
             return response
         else: