diff --git a/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs b/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
index c25e7736e..b5a730c3b 100644
--- a/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
@@ -126,6 +126,14 @@ public static class IdentityServerServices
 var identityOptions = c.GetRequiredService>().Value;
 options.SuppressXFrameOptionsHeader = identityOptions.SuppressXFrameOptionsHeader;
+
+ // Set antiforgery cookie secure policy to always for https
+ var baseUrl = c.GetRequiredService().BuildUrl();
+
+ if (baseUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+ {
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ }
 });
 services.Configure((c, options) =>