Configured AddLiteCharmsWebSecurity() to setup ConfigureCookieOidcSameSiteSupport()

2026-06-14 13:09:57 +02:00
parent 6418d27f5a
commit ddd823afab
1 changed files with 24 additions and 0 deletions
@@ -60,6 +60,8 @@ public static class Api
            .ProtectKeysWithCertificate(certificate)
            .SetApplicationName("LiteCharmsApp");

+        services.ConfigureCookieOidcSameSiteSupport();
+
        var configSection = configuration.GetSection(nameof(LiteCharmsSettings));

        var authOptions = new LiteCharmsSettings();
@@ -269,4 +271,26 @@ public static class Api

    public static string ToEndpointName(this Type target, string? annotation = "") =>
        $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
+
+    private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services)
+    {
+        services.Configure<CookiePolicyOptions>(options =>
+        {
+            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+            options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+            options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+        });
+    }
+
+    private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
+    {
+        if (options.SameSite == SameSiteMode.None)
+        {
+            // Double check that we are executing under an HTTPS routing context before emitting 'None'
+            if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https")
+            {
+                options.SameSite = SameSiteMode.Unspecified;
+            }
+        }
+    }
 }