@@ -52,7 +52,7 @@ namespace Teknik.Areas.Blog.Controllers | |||
.Include(p => p.Blog.User) | |||
.Include(p => p.Comments) | |||
.Include(p => p.Tags) | |||
.Where(p => (p.System || isAuth) && p.Published).OrderByDescending(p => p.DatePosted) | |||
.Where(p => (p.BlogId == _config.BlogConfig.ServerBlogId || p.System) && (p.Published || p.Blog.User.Username == User.Identity.Name || isAuth)) | |||
.OrderByDescending(p => p.DatePosted) | |||
.Take(_config.BlogConfig.PostsToLoad).ToList(); | |||
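Review bot: The longer `.Where` (which reads as the new side) lets unpublished posts through whenever `isAuth` is true, and `isAuth` is defined outside this hunk, so it is not clear from here whether it means an administrator or any signed-in user. If it is the latter, every authenticated account would see drafts of server-blog and system posts; confirm this and state the rule next to the predicate, e.g. `// drafts are visible only to the post's author and to admins (isAuth)`. `User.Identity.Name` is presumably null on an anonymous request, so the author comparison relies on no stored username being null. The query itself starts above the hunk.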
@@ -56,8 +56,10 @@ body { padding-top: 70px; } | |||
.dropdown .dropdown__username { | |||
text-overflow: ellipsis; | |||
white-space: nowrap; | |||
font-weight: bolder; | |||
font-size: 12px; | |||
font-size: 10px; | |||
margin: 3px 5px 0 5px; | |||
} | |||
.dropdown-menu a { |
@@ -128,6 +128,7 @@ namespace Teknik | |||
// Set the anti-forgery cookie name | |||
services.AddAntiforgery(options => | |||
{ | |||
options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment()); | |||
options.Cookie.Name = "TeknikWebAntiForgery"; | |||
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; | |||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict; | |||
@@ -159,6 +160,7 @@ namespace Teknik | |||
{ | |||
options.ExpireTimeSpan = TimeSpan.FromMinutes(60); | |||
options.Cookie.Name = "TeknikWebAuth"; | |||
options.Cookie.Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment()); | |||
options.EventsType = typeof(CookieEventHandler); | |||
}) | |||
@@ -259,7 +261,7 @@ namespace Teknik | |||
IdleTimeout = TimeSpan.FromMinutes(30), | |||
Cookie = new CookieBuilder() | |||
{ | |||
Domain = null, | |||
Domain = CookieHelper.GenerateCookieDomain(config.Host, false, Environment.IsDevelopment()), | |||
Name = "TeknikWebSession", | |||
SecurePolicy = CookieSecurePolicy.SameAsRequest, | |||
SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict |
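Review bot: All three cookies touched in this file (anti-forgery, `TeknikWebAuth`, `TeknikWebSession`) now take their `Domain` from `CookieHelper.GenerateCookieDomain(config.Host, false, ...)`, which outside development returns `.{host}`, so they are no longer host-only (the session cookie previously had `Domain = null`) and are sent to, and can be overwritten from, every subdomain of `config.Host`. `SameSiteMode.Strict` does not separate sibling subdomains, and with `CookieSecurePolicy.SameAsRequest` a cookie issued on a plain-HTTP request carries no Secure flag; consider `SecurePolicy = CookieSecurePolicy.Always` outside development and a comment naming which subdomains need the shared cookie. The `local` argument is hard-coded to `false` at each call site, so the helper's host-only branch is never reached. The `CookieBuilder` initializer and both option lambdas continue outside their hunks.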
@@ -0,0 +1,25 @@ | |||
using System; | |||
using System.Collections.Generic; | |||
using System.Text; | |||
namespace Teknik.Utilities | |||
{ | |||
public static class CookieHelper | |||
{ | |||
public static string GenerateCookieDomain(string domain, bool local, bool dev) | |||
{ | |||
if (local) // localhost | |||
{ | |||
return null; | |||
} | |||
else if (dev) // dev.example.com | |||
{ | |||
return string.Format("dev.{0}", domain); | |||
} | |||
else // A production instance | |||
{ | |||
return string.Format(".{0}", domain); | |||
} | |||
} | |||
} | |||
} |
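Review bot: `GenerateCookieDomain` formats `domain` without checking it, so a null or empty `config.Host` yields `"."` or `"dev."`, and a host value that carries a port or scheme yields a Domain attribute that browsers would likely reject, leaving the auth and session cookies unset. Falling back to a host-only cookie is the safer default: `if (string.IsNullOrWhiteSpace(domain)) return null;`. The method should also get an XML `<summary>` stating that the production branch returns a parent-domain value shared by all subdomains and that `null` means host-only. The two adjacent `bool` parameters are easy to swap, so named arguments at the call sites (`local: false, dev: ...`) would help, and the three `using` directives are unused.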