Support secure cookie for csrf-token

[AleksandrBulyshchenko]

Fixes #1734

Currently SetCookie for csrf has secure hardcodded to false.
This passes security argument to cookie creation and set it by COOKIE_SECURE config var.

[thehowl]

Thank you for your pull request! And thanks for spotting the problem - I created #3833 yesterday (perhaps you didn't see it?). In any case, we should not modify vendor dependencies directly - we should try to modify the upstream repo first then pull it on Gitea (and Unknwon seems to be in the part of the year where he's actually active on the internet, so if you make PRs they have a chance to be merged).

Can you please do it on that repo and then pull the changes with Govendor?

[lafriks]

Yes, first PR in go-macron should be submitted and only than when it's merged we can do govendor fetch to update dependency from upstream

[AleksandrBulyshchenko]

@thehowl,
Sorry for the mess.

Can you please do it on that repo and then pull the changes with Govendor?

I've created go-macaron/csrf#7

[thehowl]

@AleksandrBulyshchenko upstream PR seems to have been merged. Can you update deps with govendor on this PR?

Many thanks!

[AleksandrBulyshchenko]

@thehowl,
I've updated the PR with fetched go-macaron/csrf

But as I can see build verification has failed - probably it requires projects in GOPATH on build server to be in sync.

[lafriks]

did you use govendor fetch github.com/go-macaron/csrf?

[AleksandrBulyshchenko]

@lafriks,

did you use govendor fetch github.com/go-macaron/csrf?

yes, exactly

[techknowlogick]

@AleksandrBulyshchenko The project is now using dep to manage dependencies. Could you update this PR to match? If you are unable (perhaps you don't have time) let us know and we can submit a new PR on your behalf.

cc: @sapk

[AleksandrBulyshchenko]

• Rebased onto master.
• Updated github.com/go-macaron/csrf with dep instead of govendor.

[codecov-io]

Codecov Report

Merging #3839 into master will increase coverage by <.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3839      +/-   ##
==========================================
+ Coverage   20.05%   20.06%   +<.01%     
==========================================
  Files         153      153              
  Lines       30344    30122     -222     
==========================================
- Hits         6086     6044      -42     
+ Misses      23345    23168     -177     
+ Partials      913      910       -3

Impacted Files	Coverage Δ
models/issue_assignees.go	27.84% <0%> (-4.18%)	⬇️
models/issue_user.go	72% <0%> (-0.73%)	⬇️
models/user.go	23.58% <0%> (-0.33%)	⬇️
models/issue_milestone.go	56.5% <0%> (-0.28%)	⬇️
models/release.go	0% <0%> (ø)	⬆️
routers/user/profile.go	0% <0%> (ø)	⬆️
models/webhook_slack.go	0% <0%> (ø)	⬆️
models/webhook_dingtalk.go	0% <0%> (ø)	⬆️
models/repo.go	17.89% <0%> (+0.04%)	⬆️
models/pull.go	17.27% <0%> (+0.09%)	⬆️
... and 3 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 31067c0...c8d7625. Read the comment docs.