From 4bdf2e1cc08589611f015d1388b697ccb4bcfb0a Mon Sep 17 00:00:00 2001
From: Cody
Date: Wed, 7 Aug 2024 13:21:18 -0700
Subject: [PATCH] Update AntiForgery Token Cookie Option to HTTPOnly = true;
---
 Oqtane.Server/Startup.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index d4bf0161..164d8661 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -100,6 +100,7 @@ namespace Oqtane
 options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
 options.Cookie.SameSite = SameSiteMode.Strict;
 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.Cookie.HttpOnly = true;
 });
 services.AddIdentityCore(options => { })
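Review bot: The antiforgery cookie can still be issued without the Secure attribute, because the unchanged line directly above the addition keeps `options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;`, so HttpOnly blocks script access but not cleartext transport on a plain-HTTP request. If the site is meant to be served over HTTPS only, `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` would close that gap; if HTTP hosting has to stay supported, a comment saying so would mark the weaker policy as deliberate. ASP.NET Core's antiforgery cookie builder already defaults HttpOnly to true, so the new line reads as explicit hardening rather than a behaviour change, and a comment such as `// keep the antiforgery cookie unreadable from script (matches the framework default)` would record that intent. The enclosing options lambda starts above the hunk, so any other cookie settings it makes are not visible here.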