Adds AntiForgery Cookie setting options.Cookie.HttpOnly = true;

2024-08-08 12:24:42 -07:00 · 2024-08-08 12:24:42 -07:00 · dcf919fb36
commit dcf919fb36
parent a5f8651941
1 changed files with 1 additions and 0 deletions
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@ -100,6 +100,7 @@ namespace Oqtane
                options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
                options.Cookie.SameSite = SameSiteMode.Strict;
                options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                options.Cookie.HttpOnly = true;
            });

            services.AddIdentityCore<IdentityUser>(options => { })