From 7b53b8d43c2c072b457dcd19c8a09bcfc3721703 Mon Sep 17 00:00:00 2001
From: GammaC0de
Date: Wed, 4 Jan 2023 22:47:25 +0200
Subject: [PATCH] Set 'Secure' Attribute in session cookie
---
 src/pyload/webui/app/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/pyload/webui/app/__init__.py b/src/pyload/webui/app/__init__.py
index 5fa4bf0857..3441f5bab0 100644
--- a/src/pyload/webui/app/__init__.py
+++ b/src/pyload/webui/app/__init__.py
@@ -78,7 +78,7 @@ def _configure_templating(cls, app):
 app.create_jinja_environment()
- # NOTE: enable autoescape for all file extensions (included .js)
+ # NOTE: enable auto escape for all file extensions (including .js)
 # maybe this will break .txt rendering, but we don't render this kind of files actually
 # that does not change 'default_for_string=False' (by default)
 app.jinja_env.autoescape = jinja2.select_autoescape(default=True)
@@ -102,6 +102,7 @@ def _configure_session(cls, app):
 app.config["SESSION_FILE_DIR"] = cache_path
 app.config["SESSION_TYPE"] = "filesystem"
 app.config["SESSION_COOKIE_NAME"] = "pyload_session"
+ app.config["SESSION_COOKIE_SECURE"] = app.config["PYLOAD_API"].get_config_value("webui", "use_ssl")
 app.config["SESSION_PERMANENT"] = False
 session_lifetime = max(app.config["PYLOAD_API"].get_config_value("webui", "session_lifetime"), 1) * 60
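Review bot: The new `SESSION_COOKIE_SECURE` line in `_configure_session` ties the flag to `webui.use_ssl` alone, so the session cookie still goes out without `Secure` when pyLoad runs with `use_ssl` off behind a TLS-terminating reverse proxy. If leaving plain-HTTP installs working is the intent, say so next to the assignment, e.g. `# Secure only when pyLoad itself serves TLS; behind a TLS-terminating proxy (use_ssl off) the cookie is still sent without Secure`. The visible lines also set no SameSite policy, and Flask's default for it is unset, so consider adding `app.config["SESSION_COOKIE_SAMESITE"] = "Lax"` here unless it is already configured. The body of `_configure_session` begins and continues outside the hunk, so that setting may exist elsewhere.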