From 166d552fba626c562394f6b5555c2121ab510a47 Mon Sep 17 00:00:00 2001
From: Garret Wassermann <gwasser@gmail.com>
Date: Mon, 27 Sep 2021 22:12:32 -0400
Subject: [PATCH] Turn on secure cookie support if the server os environment
 expects to use secure connections

---
 helpdesk/settings.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/helpdesk/settings.py b/helpdesk/settings.py
index b5477f31..6437502e 100644
--- a/helpdesk/settings.py
+++ b/helpdesk/settings.py
@@ -5,6 +5,7 @@ Default settings for django-helpdesk.
 import warnings
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
+import os
 
 DEFAULT_USER_SETTINGS = {
     'login_view_ticketlist': True,
@@ -22,6 +23,13 @@ except AttributeError:
 
 HAS_TAG_SUPPORT = False
 
+# check for secure cookie support
+if os.environ.get('SECURE_PROXY_SSL_HEADER'):
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+
 ##########################################
 # generic options - visible on all pages #
 ##########################################