
Set secure policy on antiforgery cookie to always (#1052)

* Set secure policy on antiforgery cookie to always

* Only include secure policy if base url begins with https

* Replace config with using base url generator

---------

Co-authored-by: James Sibbit <james.sibbit@d-fine.com>
pull/1055/head
MuchMilk 2 years ago
committed by GitHub
parent
commit
fcdeb95ed6
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs

8
backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs

@ -126,6 +126,14 @@ public static class IdentityServerServices
var identityOptions = c.GetRequiredService<IOptions<MyIdentityOptions>>().Value;
options.SuppressXFrameOptionsHeader = identityOptions.SuppressXFrameOptionsHeader;
// Set antiforgery cookie secure policy to always for https
var baseUrl = c.GetRequiredService<IUrlGenerator>().BuildUrl();
if (baseUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
}
});
services.Configure<OpenIddictServerOptions>((c, options) =>
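Review bot: When the base URL is not https, the new `if` near the end of this options lambda leaves `options.Cookie.SecurePolicy` untouched, so the antiforgery cookie keeps the framework default (to my knowledge `CookieSecurePolicy.None` for antiforgery). The cookie is then issued without the Secure attribute even on a request that arrived over TLS, for example when the configured base URL is stale or was entered as http. Adding `else { options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; }` would keep plain-http deployments working while still marking the cookie Secure on requests the app sees as HTTPS. The comment could also say why the policy is conditional, e.g. `// Always would stop browsers returning the cookie on a plain-http deployment, so force it only when the base URL is https`. The enclosing `Configure` lambda starts above the hunk, so the options type is inferred from the `SuppressXFrameOptionsHeader` line.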
