diff --git a/.travis.yml b/.travis.yml
index 5b18163..cdc0c47 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,7 @@ cache: bundler
 rvm:
 - 2.5.7
 - 2.6.5
+ - 2.7.0
 before_install:
 - gem update bundler
@@ -11,4 +12,4 @@ before_install:
 env:
 - 'TEST_RAILS_VERSION="~> 5.1.6"'
 - 'TEST_RAILS_VERSION="~> 5.2.3"'
- - 'TEST_RAILS_VERSION="~> 6.0.0"'
\ No newline at end of file
+ - 'TEST_RAILS_VERSION="~> 6.0.0"'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7161f1b..374f20f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
+## 4.1.0 (03-Feb-20)
+
+* Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))
+* Tested against Ruby 2.7
+
 ## 4.0.1 (23-Dec-19)
 * Updated dependencies, tested against more recent Rubies and Rails
diff --git a/LICENSE b/LICENSE
index 4127550..be1ef2b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,4 @@
-Copyright 2018 James Sanders, Ilya Bodrov
+Copyright 2020 James Sanders, Ilya Bodrov
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the
diff --git a/README.md b/README.md
index 4398e3c..8014213 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,20 @@ end
 If `angular_rails_csrf_domain` is not set, it defaults to `nil`.
+### Secure Cookie
+
+To set a "secure" flag for the cookie, set the `angular_rails_csrf_secure` option to `true`:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+ #...
+ config.angular_rails_csrf_secure = true
+end
+```
+
+`angular_rails_csrf_secure` defaults to `false`.
+
 ### Exclusions
 Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
@@ -59,7 +73,7 @@ Sometimes you will want to skip setting the XSRF token for certain controllers (
 ```ruby
 class ExclusionsController < ApplicationController
 exclude_xsrf_token_cookie
-
+
 # your actions here...
 end
 ```
@@ -78,6 +92,6 @@ and then
 $ rake test
 ```
-## License
+## License
 Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).
diff --git a/lib/angular_rails_csrf/version.rb b/lib/angular_rails_csrf/version.rb
index b1d230b..17083c1 100644
--- a/lib/angular_rails_csrf/version.rb
+++ b/lib/angular_rails_csrf/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module AngularRailsCsrf
- VERSION = '4.0.1'
+ VERSION = '4.1.0'
 end
diff --git a/test/angular_rails_csrf_test.rb b/test/angular_rails_csrf_test.rb
index 560a0de..ec52318 100644
--- a/test/angular_rails_csrf_test.rb
+++ b/test/angular_rails_csrf_test.rb
@@ -32,32 +32,36 @@ class AngularRailsCsrfTest < ActionController::TestCase
 end
 test 'the domain is used if present' do
- config = Rails.application.config
- def config.angular_rails_csrf_domain
- :all
- end
+ begin
+ config = Rails.application.config
+ def config.angular_rails_csrf_domain
+ :all
+ end
- get :index
- assert @response.headers['Set-Cookie'].include?('.test.host')
- assert_valid_cookie
- assert_response :success
- ensure
- config.instance_eval('undef :angular_rails_csrf_domain')
+ get :index
+ assert @response.headers['Set-Cookie'].include?('.test.host')
+ assert_valid_cookie
+ assert_response :success
+ ensure
+ config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
+ end
 end
 test 'the secure flag is set if configured' do
- @request.headers['HTTPS'] = 'on'
+ begin
+ @request.headers['HTTPS'] = 'on'
- config = Rails.application.config
- config.define_singleton_method(:angular_rails_csrf_secure) { true }
+ config = Rails.application.config
+ config.define_singleton_method(:angular_rails_csrf_secure) { true }
- get :index
- assert @response.headers['Set-Cookie'].include?('secure')
- assert_valid_cookie
- assert_response :success
- ensure
- @request.headers['HTTPS'] = nil
- config.instance_eval('undef :angular_rails_csrf_secure')
+ get :index
+ assert @response.headers['Set-Cookie'].include?('secure')
+ assert_valid_cookie
+ assert_response :success
+ ensure
+ @request.headers['HTTPS'] = nil
+ config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
+ end
 end
 test 'a custom name is used if present' do
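Review bot: The secure-flag test asserts `@response.headers['Set-Cookie'].include?('secure')`, which is a case-sensitive substring match over the whole header, so it would also pass if `secure` appeared in a cookie name or value, and would fail on a stack that emits the attribute as `Secure`. Matching the attribute itself is tighter: `assert_match(/;\s*secure\b/i, @response.headers['Set-Cookie'])`. The hunk shows no counterpart test that the attribute is absent when `angular_rails_csrf_secure` is unset; if none exists elsewhere in the file, one would pin the documented default of `false`. As a smaller style point, both `ensure` clauses still evaluate a string, and `config.singleton_class.send(:remove_method, :angular_rails_csrf_secure)` would do the cleanup without `instance_eval`, assuming nothing relies on `undef` semantics. The test class opens above the hunk and the last test's body continues below it.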