Merge pull request #3547 from sbwalker/dev

set authentication cookie to HttpOnly
2023-12-12 15:56:30 -05:00 · 2023-12-12 15:56:30 -05:00 · c832d61409
commit c832d61409
parent 53032140e7 ac701f28b5
1 changed files with 1 additions and 1 deletions
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@ -124,7 +124,7 @@ namespace Microsoft.Extensions.DependencyInjection
            // note that ConfigureApplicationCookie internally uses an ApplicationScheme of "Identity.Application"
            services.ConfigureApplicationCookie(options =>
            {
-                options.Cookie.HttpOnly = false;
+                options.Cookie.HttpOnly = true;
                options.Cookie.SameSite = SameSiteMode.Strict;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                options.Events.OnRedirectToLogin = context =>