From 803efe850153826107e132081cc5fb25a31cc49e Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Tue, 30 Mar 2021 03:44:04 -0500
Subject: [PATCH] Don't use secure cookes on non-HTTPS deployments.

Fixes not being able to login or signup when running in production mode
on a non-HTTPS site.
---
 config/initializers/session_store.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 2bbb72e68..57e700e39 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -7,5 +7,5 @@ Rails.application.config.session_store(
   domain: :all,
   tld_length: 2,
   same_site: :lax,
-  secure: Rails.env.production?
+  secure: Rails.env.production? && Danbooru.config.canonical_url.match?(%r!\Ahttps://!)
 )