Add configurable SameSite cookie option

2017-05-30 20:52:15 -07:00 · 2017-05-30 20:52:15 -07:00 · b899775185
parent 87d063b2b5
commit b899775185
2 changed files with 7 additions and 0 deletions
--- a/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs
@ -153,6 +153,7 @@ namespace Microsoft.AspNetCore.Session
                var cookieOptions = new CookieOptions
                {
                    Domain = _options.CookieDomain,
+                    SameSite = _options.SameSiteMode,
                    HttpOnly = _options.CookieHttpOnly,
                    Path = _options.CookiePath ?? SessionDefaults.CookiePath,
                };
--- a/src/Microsoft.AspNetCore.Session/SessionOptions.cs
+++ b/src/Microsoft.AspNetCore.Session/SessionOptions.cs
@ -36,6 +36,12 @@ namespace Microsoft.AspNetCore.Builder
        /// </summary>
        public bool CookieHttpOnly { get; set; } = true;

+        /// <summary>
+        /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
+        /// default is Lax, which means the cookie is allowed to be attached to same-site and safe cross-site requests.
+        /// </summary>
+        public SameSiteMode SameSiteMode { get; set; } = SameSiteMode.Lax;
+
        /// <summary>
        /// Determines if the cookie should only be transmitted on HTTPS requests. 
        /// </summary>