Added an option to disable https-only

config/config.go

@@ -14,10 +14,11 @@ type Device struct {
 }
 
 type config struct {
-	Server     string
+	Server        string
-	PassHash   string
+	PassHash      string
-	SessionTTL float64
+	SessionTTL    float64
-	Devices    []Device
+	StrictCookies bool
+	Devices       []Device
 }
 
 var Config config
@@ -26,8 +27,9 @@ var configPath string
 
 func init() {
 	Config = config{
-		Server:     ":8080",
+		Server:        ":8080",
-		SessionTTL: 10,
+		SessionTTL:    10,
+		StrictCookies: true,
 	}
 
 	// Locations to look for a config file for

example/config.toml

@@ -1,6 +1,7 @@
 Server = ":8080" # The address the webserver should bind to
 PassHash = "$2a$10$I.26oCzkjZ8qwfhbmeYM3.kppBjxtPsxkeE1Y.ULjVvA1IBPcQP42" # "password"
 SessionTTL = 10  # How many minutes sessions last for
+StrictCookies = true # Whether to use the strict cookie policy (HTTPS Only)
 
 [[Devices]]
   Alias = "SomeDevice"

web/auth.go

@@ -59,7 +59,7 @@ func auth(c echo.Context) error {
 		Name:     "session",
 		Value:    token,
 		Path:     "/",
-		Secure:   true,
+		Secure:   config.Config.StrictCookies,
 		HttpOnly: true,
 		SameSite: http.SameSiteStrictMode,
 	})