litecharms/components
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 114 Wiki Activity

dataprotection #126

Merged
khwezi merged 2 commits from dataprotection into master 2026-06-14 13:12:20 +02:00
Conversation 0 Commits 2 Files Changed 1
+15 -22
1 changed files with 15 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 9cb4b8264d - Show all commits
LiteCharms.Features/Extensions/Api.cs
+15 -22
View File
@@ -126,6 +126,21 @@ public static class Api
return services; return services;
} }
private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services) =>
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
});
private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
{
if (options.SameSite == SameSiteMode.None)
if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https")
options.SameSite = SameSiteMode.Unspecified;
}
public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration) public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
{ {
var configSection = configuration.GetSection(nameof(LiteCharmsSettings)); var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
@@ -271,26 +286,4 @@ public static class Api
public static string ToEndpointName(this Type target, string? annotation = "") => public static string ToEndpointName(this Type target, string? annotation = "") =>
$"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture); $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
});
}
private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
{
if (options.SameSite == SameSiteMode.None)
{
// Double check that we are executing under an HTTPS routing context before emitting 'None'
if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https")
{
options.SameSite = SameSiteMode.Unspecified;
}
}
}
} }