From eca540b77012ca83fcd44858b6157fb180c30d7d Mon Sep 17 00:00:00 2001
From: Ben Hearsum <bhearsum@mozilla.com>
Date: Wed, 12 Jun 2019 14:56:53 -0400
Subject: [PATCH] Always disable secure cookies in Balrog agent, because
 there's no point in just enabling them for localdev (#939)

---
 agent/balrogagent/client.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/agent/balrogagent/client.py b/agent/balrogagent/client.py
index 39f1cb1866..7e70e838b2 100644
--- a/agent/balrogagent/client.py
+++ b/agent/balrogagent/client.py
@@ -69,11 +69,8 @@ async def request(api_root, path, auth0_secrets, method="GET", data={}, headers=
         # https, which means it won't send back the session token by default,
         # which breaks csrf token validation. Changing the cookies to insecure
         # will let them be sent back, but it's a horrible back.
-        # Checking for this specific api_root makes sure it's only enabled for
-        # our deployed environments.
-        if api_root == "http://localhost:81/api":
-            for c in client.cookie_jar:
-                c["secure"] = False
+        for c in client.cookie_jar:
+            c["secure"] = False
 
         logging.debug("Sending %s request to %s", method, url)
         async with client.request(method, url, data=json.dumps(data), headers=headers) as resp: