lib/secure_headers/middleware.rb in secure_headers-4.0.0.alpha02 vs lib/secure_headers/middleware.rb in secure_headers-4.0.0.alpha03

@@ -36,10 +36,10 @@
       end
     end
 
     # disable Secure cookies for non-https requests
     def override_secure(env, config = {})
-      if scheme(env) != "https"
+      if scheme(env) != "https" && config != OPT_OUT
         config[:secure] = OPT_OUT
       end
 
       config
     end