From 62d59a09cf202d62190bad85ee97592799c46ad1 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 14 Oct 2024 16:49:14 -0400
Subject: [PATCH] set HttpOnly to false for Localization cookie in static rendering
---
 .../Themes/Controls/Theme/LanguageSwitcher.razor | 16 ++++++++--------
 Oqtane.Server/Components/App.razor | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/Oqtane.Client/Themes/Controls/Theme/LanguageSwitcher.razor b/Oqtane.Client/Themes/Controls/Theme/LanguageSwitcher.razor
index fda0851a..819c8d72 100644
--- a/Oqtane.Client/Themes/Controls/Theme/LanguageSwitcher.razor
+++ b/Oqtane.Client/Themes/Controls/Theme/LanguageSwitcher.razor
@@ -56,16 +56,16 @@
 var localizationCookieValue = CookieRequestCultureProvider.MakeCookieValue(new RequestCulture(culture));
 HttpContext.Response.Cookies.Append(CookieRequestCultureProvider.DefaultCookieName, localizationCookieValue, new CookieOptions
- {
- Path = "/",
- Expires = DateTimeOffset.UtcNow.AddYears(365),
- SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
- Secure = true, // Ensure the cookie is only sent over HTTPS
- HttpOnly = true // Optional: Helps mitigate XSS attacks
- });
+ {
+ Path = "/",
+ Expires = DateTimeOffset.UtcNow.AddYears(365),
+ SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
+ Secure = true, // Ensure the cookie is only sent over HTTPS
+ HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
+ });
 }
- NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""), true);
+ NavigationManager.NavigateTo(NavigationManager.Uri.Replace($"?culture={culture}", ""));
 }
 }
diff --git a/Oqtane.Server/Components/App.razor b/Oqtane.Server/Components/App.razor
index 76ef58f0..35d71322 100644
--- a/Oqtane.Server/Components/App.razor
+++ b/Oqtane.Server/Components/App.razor
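Review bot: `Expires = DateTimeOffset.UtcNow.AddYears(365)` in the re-indented CookieOptions of LanguageSwitcher.razor requests a 365-year lifetime, while the same cookie written in Oqtane.Server/Components/App.razor uses `AddYears(1)`; this looks like a days/years mix-up, and `Expires = DateTimeOffset.UtcNow.AddYears(1),` would keep the two writers consistent. With `HttpOnly = false` the cookie becomes readable and writable by any script running on the origin, which is acceptable only because it carries a culture name and nothing secret. I would state that in the comment, e.g. `// not HttpOnly: holds only the culture name; JS Interop rewrites it in Interactive render mode`, so nobody later copies these options for a sensitive cookie. The value read back from this cookie should still be treated as untrusted input; whether it is validated against the supported cultures is not visible here, and the enclosing method starts and ends outside the hunk.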
@@ -609,7 +609,7 @@
 Expires = DateTimeOffset.UtcNow.AddYears(1),
 SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax, // Set SameSite attribute
 Secure = true, // Ensure the cookie is only sent over HTTPS
- HttpOnly = false // cookie is updated using JS Interop
+ HttpOnly = false // cookie is updated using JS Interop in Interactive render mode
 };
 Context.Response.Cookies.Append(