AspNet Core Identity, how set options.Cookie.SameSite?

后端 未结 3 999
没有蜡笔的小新
没有蜡笔的小新 2021-01-04 11:07

In the latest templates and libraries used httpsonly flag. How can I turn it off?

This same question is outdated and it did not have full configuration sample:

3条回答
  •  梦毁少年i
    2021-01-04 12:02

    The answer by @poke did not help me set the value to SameSiteMode.None, atleast not in ASP.NET core 2.1.

    Any value you set in configure application cookie is overridden by the MinimumSameSitePolicy setting of the cookie policy middleware.

    This prevent the override, set MinimumSameSitePolicy for the UseCookiePolicy extension as SameSiteMode.None.

    app.UseCookiePolicy(new CookiePolicyOptions
    {
       MinimumSameSitePolicy = SameSiteMode.None
    });
    

    Then set the actual same site value in the AddCookie extension in the ConfigureServices method

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options => options.Cookie.SameSite = SameSiteMode.None;
    });
    

提交回复
热议问题