diff --git a/src/Infrastructure/DependencyInjection.cs b/src/Infrastructure/DependencyInjection.cs
index 4c2c6e1c..f053e941 100644
--- a/src/Infrastructure/DependencyInjection.cs
+++ b/src/Infrastructure/DependencyInjection.cs
@@ -308,10 +308,17 @@ private static IServiceCollection AddAuthenticationService(this IServiceCollecti
 services.AddSingleton();
+ CookieSecurePolicy policy = CookieSecurePolicy.SameAsRequest;
+ if(configuration["IdentitySettings:SecureCookies"] is not null && configuration["IdentitySettings:SecureCookies"]!.Equals("True", StringComparison.CurrentCultureIgnoreCase))
+ {
+ policy = CookieSecurePolicy.Always;
+ }
+
+
 services.ConfigureApplicationCookie(options =>
 {
 options.LoginPath = "/pages/authentication/login";
 options.Cookie.SameSite = SameSiteMode.Strict;
- options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.Cookie.SecurePolicy = policy;
 });
 services
diff --git a/src/Server.UI/DependencyInjection.cs b/src/Server.UI/DependencyInjection.cs
index 67eeaab9..8eb38cad 100644
--- a/src/Server.UI/DependencyInjection.cs
+++ b/src/Server.UI/DependencyInjection.cs
@@ -31,10 +31,17 @@ public static WebApplicationBuilder AddServerUi(this WebApplicationBuilder build
 var services = builder.Services;
 var config = builder.Configuration;
 var environment = builder.Environment;
-
+
+
+ CookieSecurePolicy policy = CookieSecurePolicy.SameAsRequest;
+ if(config["IdentitySettings:SecureCookies"] is not null && config["IdentitySettings:SecureCookies"]!.Equals("True", StringComparison.CurrentCultureIgnoreCase))
+ {
+ policy = CookieSecurePolicy.Always;
+ }
+
 services.AddAntiforgery(options =>
 {
- options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ options.Cookie.SecurePolicy = policy;
 });
 services.AddRazorComponents().AddInteractiveServerComponents();
diff --git a/src/Server.UI/appsettings.json b/src/Server.UI/appsettings.json
index 41383042..5296281c 100644
--- a/src/Server.UI/appsettings.json
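Review bot: The policy selection added at the top of the Infrastructure hunk reads `IdentitySettings:SecureCookies` twice and compares it with `StringComparison.CurrentCultureIgnoreCase`, a culture-sensitive comparison that is the wrong tool for a machine-readable configuration value (CA1309); the identical block is repeated in the Server.UI hunk. A null-safe, culture-independent form that also drops the `!` is `var policy = string.Equals(configuration["IdentitySettings:SecureCookies"], "True", StringComparison.OrdinalIgnoreCase)` / `? CookieSecurePolicy.Always` / `: CookieSecurePolicy.SameAsRequest;` (or `bool.TryParse` on the value), applied the same way in both files. Note that a missing or misspelled value silently falls back to `SameAsRequest`, the weaker policy, so a deployment typo downgrades cookie security without any signal; consider logging or failing on an unparseable value, or defaulting to `Always` outside Development, which the Server.UI hunk could do since `environment` is already in scope there. Because two DI methods now parse the same key, binding it once into a shared `IdentitySettings` options class would keep the application-cookie and antiforgery-cookie policies from drifting apart. Both enclosing methods, `AddAuthenticationService` and `AddServerUi`, start and end outside their hunks.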
+++ b/src/Server.UI/appsettings.json
@@ -70,7 +70,8 @@
 "RequireUpperCase": true,
 "RequireLowerCase": true,
 "DefaultLockoutTimeSpan": 30,
- "MaxFailedAccessAttempts": 5
+ "MaxFailedAccessAttempts": 5,
+ "SecureCookies": true
 },
 "Notify": {
 "ApiKey": "",
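Review bot: `"SecureCookies": true` is added to the base appsettings.json, so every environment that does not override it will mark the application and antiforgery cookies `Secure`; on a plain-HTTP local run the browser then never returns them and sign-in appears to fail with no server-side error. If local development is not served over HTTPS, an explicit `"SecureCookies": false` in the Development override is needed, which is preferable to weakening this base value, since the base file is what production inherits. The JSON provider presumably surfaces this boolean as the string `"True"`, which is what the comparison in the DependencyInjection hunks expects; confirm that any environment-variable override (`IdentitySettings__SecureCookies`) uses a value that comparison accepts.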