From 273722dc7eeda8dff9d7feafe8d370d03ea461c1 Mon Sep 17 00:00:00 2001 From: Lorenzo Yario Date: Sat, 11 May 2024 04:45:39 -0700 Subject: [PATCH] set to false by default. this'll probably become true eventually though --- inc/config.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index 9568fb0d..aadc4af7 100644 --- a/inc/config.php +++ b/inc/config.php @@ -194,9 +194,8 @@ // Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this. $config['cookies']['httponly'] = true; - // Do not allow logins via unencrypted HTTP. Should only be changed in testing environments or if you connect to a - // load-balancer without encryption. - $config['cookies']['secure_login_only'] = true; + // Do not allow logins via unencrypted HTTP. If your website uses HTTPS, turn this on. + $config['cookies']['secure_login_only'] = false; // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled). $config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';