set authentication cookie to HttpOnly

2023-12-12 15:56:16 -05:00 · 2023-12-12 15:56:16 -05:00 · ac701f28b5
commit ac701f28b5
parent 3c7633564f
1 changed files with 1 additions and 1 deletions
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@ -124,7 +124,7 @@ namespace Microsoft.Extensions.DependencyInjection
            // note that ConfigureApplicationCookie internally uses an ApplicationScheme of "Identity.Application"
            services.ConfigureApplicationCookie(options =>
            {
-                options.Cookie.HttpOnly = false;
+                options.Cookie.HttpOnly = true;
                options.Cookie.SameSite = SameSiteMode.Strict;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Events.OnRedirectToLogin = context =>