
Made sure all cookies were strict and https only

tags/3.0.0^2
Teknikode il y a 2 ans
Parent
révision
b2902d7090

+ 1
- 1
Teknik/Areas/User/Utility/UserHelper.cs

@@ -1334,7 +1334,7 @@ If you recieved this email and you did not reset your password, you can ignore t
{
HttpOnly = true,
Secure = true,
Expires = DateTime.Now.AddYears(1)
Expires = DateTime.Now.AddDays(30)
};

// Set domain dependent on where it's being ran from
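Review bot: The cookie options initialised in this hunk set `HttpOnly` and `Secure` but no `SameSite`, so this cookie stays on the framework default while the same commit moves the auth, anti-forgery and session cookies in Startup.cs to Strict. Unless something after the hunk sets it, add `SameSite = SameSiteMode.Strict,` to the initializer so this cookie matches the others. The `Expires` value is only enforced by the browser, so it is worth confirming that the server also rejects a stored token older than the same period. The enclosing method starts and ends outside the hunk.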

+ 1
- 1
Teknik/Areas/User/Views/User/TwoFactorCheck.cshtml

@@ -30,7 +30,7 @@
<input id="RememberDevice" type="checkbox" value="true" name="RememberDevice" /><input name="RememberDevice" type="hidden" value="false"> Remember Device
</label>
</div>
<small>Set this device as a trusted device. It is not advised to trust a public computer.</small>
<small>Set this device as a trusted device for 30 days. It is not advised to trust a public computer.</small>
<br />
<br />
}
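Review bot: The "30 days" in the help text is a hard-coded copy of what looks like the matching lifetime in UserHelper.cs (`DateTime.Now.AddDays(30)`), so the two can drift apart and the page would then promise a trust period the server does not apply. Rendering the number from one shared constant or configuration value used by both places keeps the security-relevant statement accurate. The surrounding form and the code that reads `RememberDevice` are outside the hunk.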

+ 11
- 2
Teknik/Startup.cs

@@ -87,6 +87,8 @@ namespace Teknik
{
options.Cookie.Domain = null;
options.Cookie.Name = "TeknikAuth";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
options.LoginPath = "/User/User/Login";
options.LogoutPath = "/User/User/Logout";
options.EventsType = typeof(TeknikCookieAuthenticationEvents);
@@ -110,7 +112,12 @@ namespace Teknik
services.AddSession();

// Set the anti-forgery cookie name
services.AddAntiforgery(options => options.Cookie.Name = "TeknikAntiForgery");
services.AddAntiforgery(options =>
{
options.Cookie.Name = "TeknikAntiForgery";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
});

// Core MVC
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
@@ -138,7 +145,9 @@ namespace Teknik
Cookie = new CookieBuilder()
{
Domain = null,
Name = "TeknikSession"
Name = "TeknikSession",
SecurePolicy = CookieSecurePolicy.Always,
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict
}
});
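Review bot: The session cookie in the last hunk is built from a fresh `new CookieBuilder()`, which replaces the session middleware's own default builder, and the initializer sets Domain, Name, SecurePolicy and SameSite but not `HttpOnly`. As far as I know a bare CookieBuilder leaves HttpOnly false, so the session cookie would remain readable from script; adding `HttpOnly = true,` next to `SecurePolicy` closes that gap. The fully qualified `Microsoft.AspNetCore.Http.SameSiteMode.Strict` is also repeated in all three hunks, and a `using Microsoft.AspNetCore.Http;` would shorten it if the file does not already have one. The enclosing call starts outside the hunk.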

