fix #4075 - auth cookie being rejected under some scenarios - change from Strict to Lax to match latest .NET Identity configuration

2024-03-28 14:23:13 -04:00 · 2024-03-28 14:23:13 -04:00 · 6b8dd9bf03
commit 6b8dd9bf03
parent ee45ed8ec2
1 changed files with 1 additions and 1 deletions
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@ -157,7 +157,7 @@ namespace Microsoft.Extensions.DependencyInjection
            services.ConfigureApplicationCookie(options =>
            {
                options.Cookie.HttpOnly = true;
-                options.Cookie.SameSite = SameSiteMode.Strict;
+                options.Cookie.SameSite = SameSiteMode.Lax;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Events.OnRedirectToLogin = context =>
                {