✨ Add :insecure-register flag.

This allows on-premise users skip the email validation.
2025-06-02 22:11:37 +02:00 · 2021-11-10 15:53:54 +01:00 · 2021-11-10 15:53:54 +01:00 · e7003dde83
commit e7003dde83
parent bf2a393fd3
10 changed files with 79 additions and 60 deletions
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@ -53,12 +53,13 @@

 (defn- add-cookies
  [response {:keys [id] :as session}]
-  (let [cors? (contains? cfg/flags :cors)]
+  (let [cors?   (contains? cfg/flags :cors)
+        secure? (contains? cfg/flags :secure-session-cookies)]
    (assoc response :cookies {cookie-name {:path "/"
                                           :http-only true
                                           :value id
                                           :same-site (if cors? :none :strict)
-                                           :secure true}})))
+                                           :secure secure?}})))

 (defn- clear-cookies
  [response]