Merge pull request #3547 from sbwalker/dev

set authentication cookie to HttpOnly
Shaun Walker 2023-12-12 15:56:30 -05:00 committed by GitHub
commit c832d61409
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -124,7 +124,7 @@ namespace Microsoft.Extensions.DependencyInjection
// note that ConfigureApplicationCookie internally uses an ApplicationScheme of "Identity.Application" // note that ConfigureApplicationCookie internally uses an ApplicationScheme of "Identity.Application"
services.ConfigureApplicationCookie(options => services.ConfigureApplicationCookie(options =>
{ {
options.Cookie.HttpOnly = false; options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Strict; options.Cookie.SameSite = SameSiteMode.Strict;
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Events.OnRedirectToLogin = context => options.Events.OnRedirectToLogin = context =>
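Review bot: The cookie is still issued with `options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest`, two lines below the changed `HttpOnly` line, so on any site served over plain HTTP the authentication cookie is set without the Secure attribute and HttpOnly gives no protection against capture on the network. If installations are expected to run over HTTPS only, `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` would close that gap; if HTTP installs must keep working, a comment such as `// SameAsRequest kept so HTTP-only installs can still sign in; production sites should enforce HTTPS` would record the decision next to the setting. It is also worth confirming that no client-side script read this cookie while HttpOnly was false, since such code would now receive nothing without any error. The ConfigureApplicationCookie lambda body continues past the end of the hunk, so the rest of the cookie and event configuration is not visible here.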