litecharms/components
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 114 Wiki Activity

Refactored CheckSameSite
continuous-integration/drone/pr Build is passing
Details

Browse Source
This commit is contained in:
Khwezi Mngoma
2026-06-14 22:50:31 +02:00
parent 9cb4b8264d
commit 40a5f94941
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
LiteCharms.Features/Extensions/Api.cs
+11 -2
View File
@@ -137,8 +137,17 @@ public static class Api
private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
{
if (options.SameSite == SameSiteMode.None)
if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https")
options.SameSite = SameSiteMode.Unspecified;
{
bool isSecure = httpContext.Request.IsHttps;
if (!isSecure && httpContext.Request.Headers.TryGetValue("X-Forwarded-Proto", out var proto))
isSecure = string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase);
if (!isSecure && httpContext.Request.Headers.TryGetValue("Forwarded", out var forwarded))
isSecure = forwarded.ToString().Contains("proto=https", StringComparison.OrdinalIgnoreCase);
if (!isSecure) options.SameSite = SameSiteMode.Unspecified;
}
}
public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)