Merge pull request 'Added cookie policies on AddLiteCharmsWebSecurity' (#125 ) from dataprotection into master

Reviewed-on: #125
Added cookie policies on AddLiteCharmsWebSecurity
2026-06-14 12:51:25 +02:00 · 2026-06-14 12:50:13 +02:00
2 changed files with 20 additions and 13 deletions
@@ -3,9 +3,6 @@ using LiteCharms.Features.Api;
 using LiteCharms.Features.Api.Configuration;
 using LiteCharms.Features.Api.Sdk;
 using LiteCharms.Features.Postgres;
-using Microsoft.AspNetCore.Hosting;
-using System.Runtime.InteropServices;
-using System.Security.Cryptography.X509Certificates;

 namespace LiteCharms.Features.Extensions;

@@ -75,17 +72,26 @@ public static class Api
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
-        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
+        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
+        {
+            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.Cookie.SameSite = SameSiteMode.Lax;
+            options.Cookie.Name = "LiteCharmsApp.Session";
+        })
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Authority = authOptions.Authority;
-
            options.ClientId = authOptions.ClientId;
            options.ClientSecret = authOptions.ClientSecret;
            options.ResponseType = "code";
        
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;        
+            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.CorrelationCookie.SameSite = SameSiteMode.None;
+        
+            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
+            options.NonceCookie.SameSite = SameSiteMode.None;
        
            options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme;
        
@@ -197,6 +197,7 @@
  <!-- Shared Usings -->
  <ItemGroup>
    <Using Include="Microsoft.AspNetCore.DataProtection" />
+    <Using Include="System.Security.Cryptography.X509Certificates" />
    <Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" />
    <Using Include="System.Text.Json.Serialization" />
    <Using Include="System.Reflection" />
Author	SHA1	Message	Date
khwezi	a9aa0a675a	Merge pull request 'Added cookie policies on AddLiteCharmsWebSecurity' (#125 ) from dataprotection into master Reviewed-on: #125	2026-06-14 12:51:25 +02:00
Khwezi Mngoma	6418d27f5a	Added cookie policies on AddLiteCharmsWebSecurity continuous-integration/drone/pr Build is passing Details	2026-06-14 12:50:13 +02:00