From 44e7d2ab014613c3b08c8e5ec5b2497b6b6018bd Mon Sep 17 00:00:00 2001
From: Tensa
Date: Wed, 15 Feb 2023 07:01:51 +0900
Subject: [PATCH] Remove Cookie secure options almost server is not using https, so disable it.
---
 server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/server.js b/server.js
index 7ab5120d9..04b1039e0 100644
--- a/server.js
+++ b/server.js
@@ -70,6 +70,7 @@ const { invalidCsrfTokenError, generateToken, doubleCsrfProtection } = doubleCsr
 cookieOptions: {
 httpOnly: true,
 sameSite: "strict",
+ secure: false
 },
 size: 64,
 getTokenFromRequest: (req) => req.headers["x-csrf-token"]
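Review bot: `secure: false` in `cookieOptions` is hard-coded, so the CSRF cookie loses its Secure attribute on every deployment, including any that are served over HTTPS, and the token can then travel over a plaintext connection. Since the commit message says only that most servers lack HTTPS, the value would be better taken from configuration, for example `secure: process.env.COOKIE_SECURE === "true"` (variable name is illustrative), with a comment such as `// Secure is off only for plain-HTTP deployments; enable it wherever TLS terminates in front of this server`. It is also worth checking the `cookieName` outside this hunk: if it carries a `__Host-` or `__Secure-` prefix (the csrf-csrf default does, assuming that is the library behind `doubleCsrf`), browsers reject the cookie when Secure is absent. The options object starts and ends outside the hunk, so the rest of the configuration is not visible here.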