From 683631e4bfadd8bbcf2a5574a5cd12f032d0b5d8 Mon Sep 17 00:00:00 2001
From: Uncled1023 <admin@teknik.io>
Date: Wed, 27 Jul 2016 12:38:58 -0700
Subject: [PATCH] Added requirement of ssl for cookies and anti-forgery token

---
 Teknik/Global.asax.cs | 4 ++++
 Teknik/Web.config     | 1 +
 2 files changed, 5 insertions(+)

diff --git a/Teknik/Global.asax.cs b/Teknik/Global.asax.cs
index 3b0ebeb..2504534 100644
--- a/Teknik/Global.asax.cs
+++ b/Teknik/Global.asax.cs
@@ -34,6 +34,8 @@ namespace Teknik
 
             AreaRegistration.RegisterAllAreas();
 
+            AntiForgeryConfig.RequireSsl = true;
+
             FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
             RouteConfig.RegisterRoutes(RouteTable.Routes);
             BundleConfig.RegisterBundles(BundleTable.Bundles);
@@ -43,6 +45,7 @@ namespace Teknik
         {
             HttpContext context = HttpContext.Current;
             
+            // Start the generation time stopwatcher
             var stopwatch = new Stopwatch();
             HttpContext.Current.Items["Stopwatch"] = stopwatch;
             stopwatch.Start();
@@ -52,6 +55,7 @@ namespace Teknik
         {
             HttpContext context = HttpContext.Current;
 
+            // Set the generation time in the header
             Stopwatch stopwatch = (Stopwatch)context.Items["Stopwatch"];
             stopwatch.Stop();
 
diff --git a/Teknik/Web.config b/Teknik/Web.config
index 09d5d5f..21323f6 100644
--- a/Teknik/Web.config
+++ b/Teknik/Web.config
@@ -23,6 +23,7 @@
     <add key="UnobtrusiveJavaScriptEnabled" value="true" />
   </appSettings>
   <system.web>
+    <httpCookies httpOnlyCookies="true" requireSSL="true" />
     <customErrors mode="Off" />
     <authentication mode="Forms">
       <forms domain=".teknik.io" protection="All" enableCrossAppRedirects="true" name="TeknikAuth" />