Made sure all cookies were strict and https only
parent
39d875e4cf
commit
b2902d7090
@ -1334,7 +1334,7 @@ If you recieved this email and you did not reset your password, you can ignore t
|
||||
{
|
||||
HttpOnly = true,
|
||||
Secure = true,
|
||||
Expires = DateTime.Now.AddYears(1)
|
||||
Expires = DateTime.Now.AddDays(30)
|
||||
};
|
||||
|
||||
// Set domain dependent on where it's being ran from
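Review bot: The cookie initializer in this hunk sets `HttpOnly` and `Secure` but no `SameSite`, so this cookie does not get the strict policy the commit title describes unless it is assigned further down in the method, which continues outside the hunk. Without an explicit value the framework default applies (Lax or unspecified, depending on the ASP.NET Core version), and the cookie is still attached to cross-site top-level navigations. Assuming this is a `CookieOptions`, adding `SameSite = SameSiteMode.Strict,` next to `Secure = true,` would bring it in line with the auth, antiforgery and session cookies configured elsewhere in this commit.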
|
||||
|
@ -30,7 +30,7 @@
|
||||
<input id="RememberDevice" type="checkbox" value="true" name="RememberDevice" /><input name="RememberDevice" type="hidden" value="false"> Remember Device
|
||||
</label>
|
||||
</div>
|
||||
<small>Set this device as a trusted device. It is not advised to trust a public computer.</small>
|
||||
<small>Set this device as a trusted device for 30 days. It is not advised to trust a public computer.</small>
|
||||
<br />
|
||||
<br />
|
||||
}
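Review bot: The help text now promises a fixed "30 days" as a literal in the view, while the lifetime itself is a separate literal in the C# hunk above (`AddDays(30)`), so the two can drift apart on the next change. Rendering the number from one shared setting would keep the promise and the behaviour together. A cookie's `Expires` is enforced only by the browser, so it is also worth confirming that the server rejects a trusted-device token older than the advertised period; that check is not visible on this page.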
|
||||
|
@ -87,6 +87,8 @@ namespace Teknik
|
||||
{
|
||||
options.Cookie.Domain = null;
|
||||
options.Cookie.Name = "TeknikAuth";
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
|
||||
options.LoginPath = "/User/User/Login";
|
||||
options.LogoutPath = "/User/User/Logout";
|
||||
options.EventsType = typeof(TeknikCookieAuthenticationEvents);
|
||||
@ -110,7 +112,12 @@ namespace Teknik
|
||||
services.AddSession();
|
||||
|
||||
// Set the anti-forgery cookie name
|
||||
services.AddAntiforgery(options => options.Cookie.Name = "TeknikAntiForgery");
|
||||
services.AddAntiforgery(options =>
|
||||
{
|
||||
options.Cookie.Name = "TeknikAntiForgery";
|
||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
|
||||
});
|
||||
|
||||
// Core MVC
|
||||
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
|
||||
@ -138,7 +145,9 @@ namespace Teknik
|
||||
Cookie = new CookieBuilder()
|
||||
{
|
||||
Domain = null,
|
||||
Name = "TeknikSession"
|
||||
Name = "TeknikSession",
|
||||
SecurePolicy = CookieSecurePolicy.Always,
|
||||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict
|
||||
}
|
||||
});
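Review bot: The `TeknikSession` cookie in the last hunk is built from a fresh `new CookieBuilder()`, and its initializer sets `SecurePolicy` and `SameSite` but not `HttpOnly`. A plain `CookieBuilder` leaves `HttpOnly` at false, and assigning it replaces whatever defaults the options object carried (the session middleware's own builder is HttpOnly by default), so the session cookie is likely readable from script. Adding `HttpOnly = true,` to the initializer closes that gap; the enclosing call starts outside the hunk, so confirm it is the session options. Separately, `SameSiteMode.Strict` on `TeknikAuth` means the cookie is not sent when a user arrives from an external link, so they will look signed out on that first request, which should be confirmed as intended.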
|
||||
|
||||
|