Merge pull request #140 from ministryofjustice/hotfix/secure-cookies

force https
ministryofjustice · Aug 15, 2024 · 0e4f2bb · 0e4f2bb
2 parents c7589ec + eabde67
commit 0e4f2bb
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/Server.UI/DependencyInjection.cs b/src/Server.UI/DependencyInjection.cs
@@ -147,6 +147,13 @@ public static WebApplication ConfigureServer(this WebApplication app, IConfigura
         app.UseAuthentication();
         app.UseAuthorization();
 
+
+        app.Use((context, next) =>
+        {
+            context.Request.Scheme = "https";
+            return next();
+        });
+
         app.Use(async (context, next) =>
         {
             context.Response.Headers.Append("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; object-src 'self' data:; frame-src 'self' data:;");