kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update AntiForgery Token Cookie Option to HTTPOnly = true;

Browse Source
This commit is contained in:
Cody 2024-08-07 13:21:18 -07:00 committed by GitHub
parent ffa0ca9379
commit 4bdf2e1cc0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Oqtane.Server/Startup.cs
View File

@ -100,6 +100,7 @@ namespace Oqtane
options.Cookie.Name = Constants.AntiForgeryTokenCookieName; options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
options.Cookie.SameSite = SameSiteMode.Strict; options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Cookie.HttpOnly = true;
}); });
services.AddIdentityCore<IdentityUser>(options => { }) services.AddIdentityCore<IdentityUser>(options => { })