From ddd823afab4a35e141baa89de5177292d8819557 Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Sun, 14 Jun 2026 13:09:57 +0200
Subject: [PATCH] Configured AddLiteCharmsWebSecurity() to setup ConfigureCookieOidcSameSiteSupport()

---
 LiteCharms.Features/Extensions/Api.cs | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/LiteCharms.Features/Extensions/Api.cs b/LiteCharms.Features/Extensions/Api.cs
index 0a72ceb..0fac5fa 100644
--- a/LiteCharms.Features/Extensions/Api.cs
+++ b/LiteCharms.Features/Extensions/Api.cs
@@ -60,6 +60,8 @@ public static class Api
 .ProtectKeysWithCertificate(certificate)
 .SetApplicationName("LiteCharmsApp");
+ services.ConfigureCookieOidcSameSiteSupport();
+
 var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
 var authOptions = new LiteCharmsSettings();
@@ -269,4 +271,26 @@ public static class Api
 public static string ToEndpointName(this Type target, string? annotation = "")
 => $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
+
+ private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services)
+ {
+ services.Configure(options =>
+ {
+ options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+ options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+ options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+ });
+ }
+
+ private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
+ {
+ if (options.SameSite == SameSiteMode.None)
+ {
+ // Double check that we are executing under an HTTPS routing context before emitting 'None'
+ if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https")
+ {
+ options.SameSite = SameSiteMode.Unspecified;
+ }
+ }
+ }
 }
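Review bot: The added `services.ConfigureCookieOidcSameSiteSupport();` call only registers CookiePolicyOptions callbacks, and those OnAppendCookie/OnDeleteCookie hooks run solely from the cookie-policy middleware; nothing in this patch shows `app.UseCookiePolicy()` being added to the pipeline, so if it is missing the SameSite handling is silently inert. If AddLiteCharmsWebSecurity() is meant to be self-contained, state the requirement next to the call, e.g. `// Requires app.UseCookiePolicy() in the request pipeline; without it the SameSite callbacks registered here never run.` The enclosing method starts and ends outside this hunk.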
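Review bot: `CheckSameSite` decides whether to keep `SameSite=None` by reading `X-Forwarded-Proto` directly from the request, which is a header any client can supply unless a proxy in front is known to strip and re-set it; the established ASP.NET Core pattern is to let the forwarded-headers middleware (`UseForwardedHeaders` with `KnownProxies`/`KnownNetworks`) rewrite the request scheme from trusted proxies only, after which the condition reduces to `if (!httpContext.Request.IsHttps)` and no raw header is consulted here. As written the comparison is also an exact match, so a proxy that sends `HTTPS` or a comma-joined multi-hop value is treated as plain HTTP and the cookie is silently downgraded to Unspecified, which is likely to surface as broken cross-site OIDC callbacks rather than as an obvious error. Separately, `services.Configure(options =>` shows no type argument; that is presumably `Configure<CookiePolicyOptions>` lost in rendering, since the options type cannot be inferred from the untyped lambda parameter — worth confirming against the actual file. A short summary on `ConfigureCookieOidcSameSiteSupport` saying why `MinimumSameSitePolicy` is set to `Unspecified` (so each handler's own SameSite choice is preserved instead of being raised by a global minimum) would save the next reader from reading this as a weakening of policy.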