Bug: if someone ran the server with RAILS_ENV=production, but tried to access the site under http://, then logging in didn't work. This was because we set the `secure` flag on cookies when running in the production environment, because we assumed that in production you were using HTTPS. If you weren't using HTTPS, then the `secure` flag prevented session cookies from being sent under http://. The default now is to use http:// instead of https:// for the `canonical_url` option. If you run a Danbooru instance, and you use HTTPS, you will have to change the `canonical_url` config option to "https://www.mybooru.com".
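The failure described above, and one way to tie the `secure` flag to the `canonical_url` scheme rather than to the environment name, as an added example that is not Danbooru's own code. The helper names and the `http://localhost:3000` URL are hypothetical, and deriving the flag from the URL scheme is an assumption about the approach, not something the commit message states.

```ruby
require "uri"

# Hypothetical helper: choose the session cookie's Secure attribute from the
# scheme of the configured canonical URL instead of from RAILS_ENV.
def session_cookie_options(canonical_url)
  uri = URI.parse(canonical_url)
  # URI::HTTPS is a subclass of URI::HTTP, so this accepts both schemes and
  # rejects scheme-less values such as "www.mybooru.com".
  unless uri.is_a?(URI::HTTP) && uri.host
    raise ArgumentError, "canonical_url must be an absolute http(s) URL"
  end
  { secure: uri.scheme == "https" }
end

# Simplified model of the browser rule behind the bug: a cookie carrying the
# Secure attribute is only attached to requests made over https.
def cookie_sent?(options, request_url)
  !options[:secure] || URI.parse(request_url).scheme == "https"
end

# Boot-time check: returns a message when the cookie settings cannot work for
# the URL users actually visit, nil when they are consistent.
def cookie_config_problem(options, canonical_url)
  return nil if cookie_sent?(options, canonical_url)
  "session cookie is Secure but canonical_url (#{canonical_url}) is not " \
    "https; the browser will drop the cookie and logins will fail"
end

if __FILE__ == $PROGRAM_NAME
  # Old behaviour: Secure forced on in production, site served over http.
  old_options = { secure: true }
  puts cookie_config_problem(old_options, "http://localhost:3000")

  # Derived behaviour: an HTTPS instance keeps the Secure flag once
  # canonical_url is set to an https:// URL.
  p session_cookie_options("https://www.mybooru.com")
end
```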