From 3dcee9651ddc68fce6c7dda65df72bf06f894f1a Mon Sep 17 00:00:00 2001 From: Shawn Catanzarite Date: Mon, 20 Mar 2017 14:45:51 -0700 Subject: [PATCH 1/2] update doc for cookie.secure to match new defaults and add addiitonal info see #1141 --- revel/skeleton/conf/app.conf.template | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/revel/skeleton/conf/app.conf.template b/revel/skeleton/conf/app.conf.template index b3d7e9d..d6aa35c 100644 --- a/revel/skeleton/conf/app.conf.template +++ b/revel/skeleton/conf/app.conf.template @@ -51,8 +51,10 @@ cookie.prefix = REVEL # server. This makes the cookie less likely to be exposed to cookie theft via # eavesdropping. # -# In dev mode, this will default to false, otherwise it will -# default to true. +# Defaults to false. If 'http.ssl' is enabled, this will automatically be enabled. +# This should only be true when Revel is handling SSL connections. If you are +# using a proxy in front of revel (Nginx, Apache, etc), then this should be left +# as false. # cookie.secure = false # Limit cookie access to a given domain From 5eac8fae044fecbc479701c4efc356f3f92c5599 Mon Sep 17 00:00:00 2001 From: Shawn Catanzarite Date: Mon, 20 Mar 2017 14:59:20 -0700 Subject: [PATCH 2/2] change up wording --- revel/skeleton/conf/app.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/revel/skeleton/conf/app.conf.template b/revel/skeleton/conf/app.conf.template index d6aa35c..ea47e6a 100644 --- a/revel/skeleton/conf/app.conf.template +++ b/revel/skeleton/conf/app.conf.template @@ -51,7 +51,7 @@ cookie.prefix = REVEL # server. This makes the cookie less likely to be exposed to cookie theft via # eavesdropping. # -# Defaults to false. If 'http.ssl' is enabled, this will automatically be enabled. +# Defaults to false. If 'http.ssl' is enabled, this will be defaulted to true. # This should only be true when Revel is handling SSL connections. If you are # using a proxy in front of revel (Nginx, Apache, etc), then this should be left # as false.