Fix cookies for auth and captcha

authentication.go

@@ -121,8 +121,8 @@ func createTokenCookie(username string) (*http.Cookie, error) {
 		Name:     "token",
 		Value:    tokenString,
 		Expires:  expiration,
-		Secure:   true,
+		Secure:   httpsConfigured(),
 		HttpOnly: true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	}, nil
 }

captcha.go

@@ -105,8 +105,8 @@ func createCaptchaCookie() (*http.Cookie, error) {
 		Name:     "captcha",
 		Value:    tokenString,
 		Expires:  expiration,
-		Secure:   true,
+		Secure:   httpsConfigured(),
 		HttpOnly: true,
-		SameSite: http.SameSiteStrictMode,
+		SameSite: http.SameSiteLaxMode,
 	}, nil
 }

config.go

@@ -260,3 +260,7 @@ func initConfig() error {
 	}
 	return nil
 }
+
+func httpsConfigured() bool {
+	return appConfig.Server.PublicHTTPS || appConfig.Server.SecurityHeaders || strings.HasPrefix(appConfig.Server.PublicAddress, "https")
+}