fix: correct misleading IsDevelopment comments in WithSecure

Co-Authored-By: Virgil <virgil@lethean.io>

options.go

@@ -104,8 +104,8 @@ func WithSwagger(title, description, version string) Option {
 // WithSecure adds security headers middleware via gin-contrib/secure.
 // Default policy sets HSTS (1 year, includeSubDomains), X-Frame-Options DENY,
 // X-Content-Type-Options nosniff, and Referrer-Policy strict-origin-when-cross-origin.
-// SSL redirect is disabled (IsDevelopment=true) so the middleware works behind
-// a reverse proxy that terminates TLS.
+// SSL redirect is not enabled so the middleware works behind a reverse proxy
+// that terminates TLS.
 func WithSecure() Option {
 	return func(e *Engine) {
 		e.middlewares = append(e.middlewares, secure.New(secure.Config{

secure_test.go

@@ -144,9 +144,9 @@ func TestWithSecure_Good_CombinesWithOtherMiddleware(t *testing.T) {
 	}
 }
 
-func TestWithSecure_Bad_NoSSLRedirectInDevMode(t *testing.T) {
-	// The default WithSecure() uses IsDevelopment=true to avoid SSL redirects
-	// in test/dev environments. Verify plain HTTP requests are not redirected.
+func TestWithSecure_Bad_NoSSLRedirect(t *testing.T) {
+	// SSL redirect is not enabled — the middleware runs behind a TLS-terminating
+	// reverse proxy. Verify plain HTTP requests are not redirected.
 	gin.SetMode(gin.TestMode)
 	e, _ := api.New(api.WithSecure())
 
@@ -157,7 +157,7 @@ func TestWithSecure_Bad_NoSSLRedirectInDevMode(t *testing.T) {
 
 	// Should get 200, not a 301/302 redirect.
 	if w.Code != http.StatusOK {
-		t.Fatalf("expected 200 (no SSL redirect in dev mode), got %d", w.Code)
+		t.Fatalf("expected 200 (no SSL redirect), got %d", w.Code)
 	}
 }