From 5a80b835797fffad8e203f6234536752d0c8406b Mon Sep 17 00:00:00 2001
From: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
Date: Mon, 22 Jun 2020 12:27:20 +0200
Subject: [PATCH] fix(api): csrf over http in development (#39114)

---
 api-server/server/middlewares/csurf.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api-server/server/middlewares/csurf.js b/api-server/server/middlewares/csurf.js
index e21c2e638c9..af7ecafb094 100644
--- a/api-server/server/middlewares/csurf.js
+++ b/api-server/server/middlewares/csurf.js
@@ -5,7 +5,7 @@ export default function() {
     cookie: {
       domain: process.env.COOKIE_DOMAIN || 'localhost',
       sameSite: 'strict',
-      secure: true
+      secure: process.env.FREECODECAMP_NODE_ENV === 'production'
     }
   });
   return function csrf(req, res, next) {