Merge pull request #4078 from sbwalker/dev

fix #4075 - auth cookie being rejected under some scenarios - change from Strict to Lax to match latest .NET Identity configuration
2024-03-28 14:23:31 -04:00 · 2024-03-28 14:23:31 -04:00 · 1482166ba3
commit 1482166ba3
parent e410f82fdb 6b8dd9bf03
1 changed files with 1 additions and 1 deletions
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@ -157,7 +157,7 @@ namespace Microsoft.Extensions.DependencyInjection
            services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.HttpOnly = true;
-                options.Cookie.SameSite = SameSiteMode.Strict;
+                options.Cookie.SameSite = SameSiteMode.Lax;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Events.OnRedirectToLogin = context =>
                {