mirror of
https://github.com/bitwarden/server.git
synced 2025-01-22 21:51:22 +01:00
only use Secure cookies if on a https connection (#4472)
parent
1525c10bfb
commit
d85fbf9f01
@ -108,6 +108,10 @@ public class Startup
|
||||
options.SaveTokens = false;
|
||||
options.GetClaimsFromUserInfoEndpoint = true;
|
||||
|
||||
// Some browsers (safari) won't allow Secure cookies to be set on a http connection
|
||||
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
|
||||
options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
|
||||
|
||||
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
|
||||
{
|
||||
OnRedirectToIdentityProvider = context =>
|
||||
|
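Review bot: With `CookieSecurePolicy.SameAsRequest` on both `CorrelationCookie` and `NonceCookie`, the Secure flag now depends on the scheme the app sees for the request, and the change applies to every deployment rather than only to those served over plain http. If TLS is terminated at a reverse proxy and the forwarded scheme is not applied before authentication runs (not visible in this hunk), an HTTPS deployment would issue the OIDC nonce and correlation cookies without Secure, and these cookies protect the sign-in flow against forgery and replay. Consider limiting the relaxation to installations that are actually served over http, or at least extending the comment, e.g. `// Secure now follows Request.IsHttps; behind a TLS-terminating proxy the forwarded scheme must be applied first or these cookies lose Secure`. The enclosing options lambda starts and ends outside the hunk.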