nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-06 05:28:15 -05:00
Code

only use Secure cookies if on a https connection (#4472)

Browse Source
This commit is contained in:
Jake Fink 2024-07-09 08:51:56 -04:00 committed by GitHub
parent 1525c10bfb
commit d85fbf9f01
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Identity/Startup.cs
View File

@ -108,6 +108,10 @@ public class Startup
options.SaveTokens = false; options.SaveTokens = false;
options.GetClaimsFromUserInfoEndpoint = true; options.GetClaimsFromUserInfoEndpoint = true;
// Some browsers (safari) won't allow Secure cookies to be set on a http connection
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
{ {
OnRedirectToIdentityProvider = context => OnRedirectToIdentityProvider = context =>