Merge pull request #4728 from sbwalker/dev
set HttpOnly to false for Localization cookie in static rendering
This commit is contained in:
Shaun Walker
@ -56,16 +56,16 @@
|
||||
var localizationCookieValue = CookieRequestCultureProvider.MakeCookieValue(new RequestCulture(culture));
|
||||
|
||||
HttpContext.Response.Cookies.Append(CookieRequestCultureProvider.DefaultCookieName, localizationCookieValue, new CookieOptions
|
||||
{
|
||||
Path = "/",
|
||||
Expires = DateTimeOffset.UtcNow.AddYears(365),
|
||||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
|
||||
Secure = true, // Ensure the cookie is only sent over HTTPS
|
||||
HttpOnly = true // Optional: Helps mitigate XSS attacks
|
||||
});
|
||||
{
|
||||
Path = "/",
|
||||
Expires = DateTimeOffset.UtcNow.AddYears(365),
|
||||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
|
||||
Secure = true, // Ensure the cookie is only sent over HTTPS
|
||||
HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
|
||||
});
|
||||
|
||||
}
|
||||
NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""), true);
|
||||
NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -609,7 +609,7 @@
|
||||
Expires = DateTimeOffset.UtcNow.AddYears(1),
|
||||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
|
||||
Secure = true, // Ensure the cookie is only sent over HTTPS
|
||||
HttpOnly = false // cookie is updated using JS Interop
|
||||
HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
|
||||
};
|
||||
|
||||
Context.Response.Cookies.Append(
|
||||
|
||||
Reference in New Issue
Block a user