root 4131c3c6f6 Fix CSRF cookie Secure flag for localhost development ...

- Changed hardcoded secure:true to req.secure || req.protocol === 'https'
- Allows CSRF cookies to work over HTTP on localhost
- Still enforces secure flag for HTTPS connections
- Enables OpenClaw programmatic API access

2026-03-13 05:30:09 +01:00

5.5 KiB

Raw Blame History

View Raw