From 0ab0343995f21bb357f10f3950e6488a8a14a5ed Mon Sep 17 00:00:00 2001
From: bergquist <carl.bergquist@gmail.com>
Date: Thu, 15 Feb 2018 10:56:29 +0100
Subject: [PATCH] mark redirect_to cookie as http only

closes #10829
---
 pkg/middleware/auth.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkg/middleware/auth.go b/pkg/middleware/auth.go
index 826287e12f3..65697a616ea 100644
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -51,7 +51,8 @@ func notAuthorized(c *Context) {
 		return
 	}
 
-	c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
+	c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/", nil, false, true)
+
 	c.Redirect(setting.AppSubUrl + "/login")
 }