Don't set and enforce secure cookie if TLS disabled

[Legogris]

• Disables secure middleware when TLS completely disabled
• Don't set secure cookie when TLS completely disabled

[Legogris]

Failing CI test looks unrelated to this change.

[j16r]

Hi @Legogris, thanks for the PR! We'd like to add a configuration flag to toggle secure cookies as we need secure cookies to be on, even when TLS is not being served by chainlink. See more details on https://www.pivotaltracker.com/n/projects/2129823/stories/166342566. This will allow us to keep the secure cookies flag even when we terminate TLS using nginx in front of our chainlink instances.

[dimroc]

@Legogris the PR allowing one to toggle secure cookies has been merged into master and can be found here: #1316

Use:

SECURE_COOKIES=false chainlink node ...

The secureMiddleware works as is with the flags set in options:

func (c Config) SessionOptions() sessions.Options {
	return sessions.Options{
		Secure:   c.SecureCookies(),
		HttpOnly: true,
		MaxAge:   86400 * 30,
	}

Let us know if you have any issues. If you're good to go, we'll go ahead and close this PR.

[Legogris]

@dimroc My bad, missed that it was done already - closing this.
BTW, how do you feel about adding a configuration option TLS_REDIRECT? We're doing the same thing as @j16r with our own TLS termination and handling this in the app would be nice.