Merge pull request 'Refactored CheckSameSite' (#127 ) from dataprotection into master

Reviewed-on: #127
Refactored CheckSameSite
2026-06-14 22:52:05 +02:00 · 2026-06-14 22:50:31 +02:00
1 changed files with 11 additions and 2 deletions
@@ -137,8 +137,17 @@ public static class Api
    private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
    {
        if (options.SameSite == SameSiteMode.None)
-            if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https") 
+        {
-                options.SameSite = SameSiteMode.Unspecified;
+            bool isSecure = httpContext.Request.IsHttps;
            if (!isSecure && httpContext.Request.Headers.TryGetValue("X-Forwarded-Proto", out var proto))
                isSecure = string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase);
            if (!isSecure && httpContext.Request.Headers.TryGetValue("Forwarded", out var forwarded))
                isSecure = forwarded.ToString().Contains("proto=https", StringComparison.OrdinalIgnoreCase);
            if (!isSecure) options.SameSite = SameSiteMode.Unspecified;
        }
    }
    public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
Author	SHA1	Message	Date
khwezi	f5a69de0a0	Merge pull request 'Refactored CheckSameSite' (#127 ) from dataprotection into master Reviewed-on: #127	2026-06-14 22:52:05 +02:00
Khwezi Mngoma	40a5f94941	Refactored CheckSameSite continuous-integration/drone/pr Build is passing Details	2026-06-14 22:50:31 +02:00