Add configurable SameSite cookie option
This commit is contained in:
parent
87d063b2b5
commit
b899775185
|
|
@ -153,6 +153,7 @@ namespace Microsoft.AspNetCore.Session
|
||||||
var cookieOptions = new CookieOptions
|
var cookieOptions = new CookieOptions
|
||||||
{
|
{
|
||||||
Domain = _options.CookieDomain,
|
Domain = _options.CookieDomain,
|
||||||
|
SameSite = _options.SameSiteMode,
|
||||||
HttpOnly = _options.CookieHttpOnly,
|
HttpOnly = _options.CookieHttpOnly,
|
||||||
Path = _options.CookiePath ?? SessionDefaults.CookiePath,
|
Path = _options.CookiePath ?? SessionDefaults.CookiePath,
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,12 @@ namespace Microsoft.AspNetCore.Builder
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool CookieHttpOnly { get; set; } = true;
|
public bool CookieHttpOnly { get; set; } = true;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
|
||||||
|
/// default is Lax, which means the cookie is allowed to be attached to same-site and safe cross-site requests.
|
||||||
|
/// </summary>
|
||||||
|
public SameSiteMode SameSiteMode { get; set; } = SameSiteMode.Lax;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Determines if the cookie should only be transmitted on HTTPS requests.
|
/// Determines if the cookie should only be transmitted on HTTPS requests.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue