mirror of https://github.com/bitwarden/server.git synced 2025-01-22 21:51:22 +01:00

only use Secure cookies if on a https connection (#4472)

Jake Fink 2024-07-09 08:51:56 -04:00 committed by GitHub
parent 1525c10bfb
commit d85fbf9f01
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -108,6 +108,10 @@ public class Startup
options.SaveTokens = false;
options.GetClaimsFromUserInfoEndpoint = true;
// Some browsers (safari) won't allow Secure cookies to be set on a http connection
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
options.Events = new Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectEvents
{
OnRedirectToIdentityProvider = context =>
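Review bot: `CookieSecurePolicy.SameAsRequest` on `CorrelationCookie` and `NonceCookie` makes the Secure flag depend on the scheme the app itself sees, so a deployment that terminates TLS at a reverse proxy would issue both OIDC state cookies without Secure unless forwarded-headers handling runs before authentication. The hunk does not show whether that is configured elsewhere in `Startup`, so it is worth confirming. Because the policy is applied unconditionally, HTTPS deployments also lose the previous guarantee. If plain http is only expected in self-hosted or development setups, choose the policy from configuration, e.g. `options.CorrelationCookie.SecurePolicy = allowInsecureCookies ? CookieSecurePolicy.SameAsRequest : CookieSecurePolicy.Always;` (`allowInsecureCookies` is a placeholder for whatever setting the project already has), and do the same for `NonceCookie`. The comment could also record the trade-off, for example `// Secure is dropped only when the request itself is http; requires the forwarded scheme to be honored behind a proxy`; the enclosing method begins and ends outside this hunk.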