From 7fa0e43137d4f9a43e10deb05a449912662fb62d Mon Sep 17 00:00:00 2001
From: Carl Sixsmith <carl.sixsmith1@justice.gov.uk>
Date: Thu, 15 Aug 2024 11:59:43 +0100
Subject: [PATCH] the antiforgery token is different

---
 src/Server.UI/DependencyInjection.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/Server.UI/DependencyInjection.cs b/src/Server.UI/DependencyInjection.cs
index 67eeaab9..8eb38cad 100644
--- a/src/Server.UI/DependencyInjection.cs
+++ b/src/Server.UI/DependencyInjection.cs
@@ -31,10 +31,17 @@ public static WebApplicationBuilder AddServerUi(this WebApplicationBuilder build
         var services = builder.Services;
         var config = builder.Configuration;
         var environment = builder.Environment;
-
+        
+        
+        CookieSecurePolicy policy = CookieSecurePolicy.SameAsRequest;
+        if(config["IdentitySettings:SecureCookies"] is not null && config["IdentitySettings:SecureCookies"]!.Equals("True", StringComparison.CurrentCultureIgnoreCase))
+        {
+            policy = CookieSecurePolicy.Always;
+        }
+    
         services.AddAntiforgery(options =>
         {
-            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+            options.Cookie.SecurePolicy = policy;
         });
 
         services.AddRazorComponents().AddInteractiveServerComponents();