Merge pull request #4728 from sbwalker/dev

set HttpOnly to false for Localization cookie in static rendering
Shaun Walker
2024-10-14 16:49:27 -04:00
committed by GitHub
2 changed files with 9 additions and 9 deletions


@ -56,16 +56,16 @@
var localizationCookieValue = CookieRequestCultureProvider.MakeCookieValue(new RequestCulture(culture)); var localizationCookieValue = CookieRequestCultureProvider.MakeCookieValue(new RequestCulture(culture));
HttpContext.Response.Cookies.Append(CookieRequestCultureProvider.DefaultCookieName, localizationCookieValue, new CookieOptions HttpContext.Response.Cookies.Append(CookieRequestCultureProvider.DefaultCookieName, localizationCookieValue, new CookieOptions
{ {
Path = "/", Path = "/",
Expires = DateTimeOffset.UtcNow.AddYears(365), Expires = DateTimeOffset.UtcNow.AddYears(365),
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
Secure = true, // Ensure the cookie is only sent over HTTPS Secure = true, // Ensure the cookie is only sent over HTTPS
HttpOnly = true // Optional: Helps mitigate XSS attacks HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
}); });
} }
NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""), true); NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""));
} }
} }
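Review bot: With `HttpOnly = false` the localization cookie can be read and overwritten by any script running on the page, and the new trailing comment records only the functional reason for that. The setting is acceptable here only because the value is the non-secret culture string built by `MakeCookieValue`; the comment should say so, so the option is not copied onto a cookie that carries session or identity data, for example `HttpOnly = false // non-secret culture value; must be script-writable for JS Interop in Interactive render mode`. Separately, `Expires = DateTimeOffset.UtcNow.AddYears(365)` in the same initializer requests a 365-year lifetime while the second file's hunk uses `AddYears(1)`; it looks as if `AddYears(1)` or `AddDays(365)` was intended. The enclosing method begins outside this hunk.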


@ -609,7 +609,7 @@
Expires = DateTimeOffset.UtcNow.AddYears(1), Expires = DateTimeOffset.UtcNow.AddYears(1),
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
Secure = true, // Ensure the cookie is only sent over HTTPS Secure = true, // Ensure the cookie is only sent over HTTPS
HttpOnly = false // cookie is updated using JS Interop HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
}; };
Context.Response.Cookies.Append( Context.Response.Cookies.Append(