Make Cookie non-secure while in dev

main.go

@@ -64,27 +64,31 @@ func loginPost(c *gin.Context) {
 	username, _ := c.GetPostForm("username")
 	password, _ := c.GetPostForm("password")
 
-	if username == "jan" && password == "passwort" {
+	if username != "jan" || password != "passwort" {
-		// Create token
+		c.AbortWithStatus(http.StatusUnauthorized)
-		token := jwt.New(jwt.SigningMethodHS256)
+		return
-
-		// Set claims
-		//token.Claims["name"] = "Jan Bader"
-		//token.Claims["admin"] = true
-		//token.Claims["exp"] = time.Now().Add(time.Hour * expiration).Unix()
-
-		// Generate encoded token and send it as response.
-		t, err := token.SignedString([]byte(secret))
-		if err != nil {
-			c.AbortWithStatus(http.StatusUnauthorized)
-		}
-
-		c.SetCookie("authentication", t, (int)((expiration * time.Hour).Seconds()), "/", "localhost:8080", true, true)
-
-		c.JSON(http.StatusOK, map[string]string{
-			"token": t,
-		})
 	}
 
-	c.AbortWithStatus(http.StatusUnauthorized)
+	// Create token
+	token := jwt.New(jwt.SigningMethodHS256)
+
+	// Set claims
+	//token.Claims["name"] = "Jan Bader"
+	//token.Claims["admin"] = true
+	//token.Claims["exp"] = time.Now().Add(time.Hour * expiration).Unix()
+
+	// Generate encoded token and send it as response.
+	t, err := token.SignedString([]byte(secret))
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+	}
+
+	maxAge := (int)((expiration * time.Hour).Seconds())
+	c.SetCookie("authentication", t, maxAge, "", "", false, true)
+
+	c.JSON(http.StatusOK, map[string]string{
+		"token": t,
+	})
+	return
+
 }