litecharms/components
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 114 Wiki Activity

Merge pull request 'Added cookie policies on AddLiteCharmsWebSecurity' (#125) from dataprotection into master

Browse Source 
Reviewed-on: #125
This commit was merged in pull request #125.
This commit is contained in:
Khwezi Mngoma
2026-06-14 12:51:25 +02:00
parent a763e5e40e 6418d27f5a
commit a9aa0a675a
2 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
LiteCharms.Features/Extensions/Api.cs
+11 -5
View File
@@ -3,9 +3,6 @@ using LiteCharms.Features.Api;
using LiteCharms.Features.Api.Configuration; using LiteCharms.Features.Api.Configuration;
using LiteCharms.Features.Api.Sdk; using LiteCharms.Features.Api.Sdk;
using LiteCharms.Features.Postgres; using LiteCharms.Features.Postgres;
using Microsoft.AspNetCore.Hosting;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
namespace LiteCharms.Features.Extensions; namespace LiteCharms.Features.Extensions;
@@ -75,17 +72,26 @@ public static class Api
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
}) })
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.Name = "LiteCharmsApp.Session";
})
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options => .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{ {
options.Authority = authOptions.Authority; options.Authority = authOptions.Authority;
options.ClientId = authOptions.ClientId; options.ClientId = authOptions.ClientId;
options.ClientSecret = authOptions.ClientSecret; options.ClientSecret = authOptions.ClientSecret;
options.ResponseType = "code"; options.ResponseType = "code";
options.SaveTokens = true; options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true; options.GetClaimsFromUserInfoEndpoint = true;
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
options.CorrelationCookie.SameSite = SameSiteMode.None;
options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
options.NonceCookie.SameSite = SameSiteMode.None;
options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme; options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme;
LiteCharms.Features/LiteCharms.Features.csproj
+1
View File
@@ -197,6 +197,7 @@
<!-- Shared Usings --> <!-- Shared Usings -->
<ItemGroup> <ItemGroup>
<Using Include="Microsoft.AspNetCore.DataProtection" /> <Using Include="Microsoft.AspNetCore.DataProtection" />
<Using Include="System.Security.Cryptography.X509Certificates" />
<Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" /> <Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" />
<Using Include="System.Text.Json.Serialization" /> <Using Include="System.Text.Json.Serialization" />
<Using Include="System.Reflection" /> <Using Include="System.Reflection" />