LiteCharms.Features/Extensions/Api.cs

@@ -60,6 +60,8 @@ public static class Api
             .ProtectKeysWithCertificate(certificate)
             .SetApplicationName("LiteCharmsApp");
 
+        services.ConfigureCookieOidcSameSiteSupport();
+
         var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
 
         var authOptions = new LiteCharmsSettings();
@@ -124,6 +126,21 @@ public static class Api
         return services;
     }
 
+    private static void ConfigureCookieOidcSameSiteSupport(this IServiceCollection services) =>
+        services.Configure<CookiePolicyOptions>(options =>
+        {
+            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+            options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+            options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
+        });
+
+    private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
+    {
+        if (options.SameSite == SameSiteMode.None)
+            if (!httpContext.Request.IsHttps && httpContext.Request.Headers["X-Forwarded-Proto"] != "https") 
+                options.SameSite = SameSiteMode.Unspecified;
+    }
+
     public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
     {
         var configSection = configuration.GetSection(nameof(LiteCharmsSettings));