FYI, I believe this has been addressed by the settings as outlined in local_settings.py.example, as also evidenced by the documentation Doug referenced:
# If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True
FYI, I believe this has been addressed by the settings as outlined in local_settings. py.example, as also evidenced by the documentation Doug referenced:
# If Horizon is being served through SSL, then uncomment the following two COOKIE_ SECURE = True
# settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True
#SESSION_