nhontran created
- ABP Framework version: v5.2.2
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes / no
- Exception message and stack trace:
- Steps to reproduce the issue:
Hi, we received a pen test finding indicating that we need to enable the 'Secure' flag for the '.AspNetCore.Culture' cookie:
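I have tried to enable it by adding this code, but it does not work:

```csharp
// Require the Secure flag on cookies handled by the cookie policy middleware.
Configure<CookiePolicyOptions>(options =>
{
    options.Secure = CookieSecurePolicy.Always;
});

// Require the Secure flag on the antiforgery cookie.
Configure<AntiforgeryOptions>(options =>
{
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
});
```

Could you please assist us with this request?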
4 Answer(s)
-
Hi,
You can try this:
```csharp
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    var env = context.GetEnvironment();
    var app = context.GetApplicationBuilder();

    // Set the Secure flag on the culture cookie whenever the server appends it.
    app.UseCookiePolicy(new CookiePolicyOptions()
    {
        OnAppendCookie = cookieContext =>
        {
            // DefaultCookieName is ".AspNetCore.Culture".
            if (cookieContext.CookieName == CookieRequestCultureProvider.DefaultCookieName)
            {
                cookieContext.CookieOptions.Secure = true;
            }
        }
    });
    // ........
}
```
-
I feel the cookie is created at the front-e
Yes, that provider created the language cookie. You can override it too with TOKEN. https://github.com/abpframework/abp/blob/dev/npm/ng-packs/packages/core/src/lib/providers/cookie-language.provider.ts
-
Hi, I managed to override it already. Thanks
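
Added example, not code from this thread or from ABP: because the culture cookie here is written by the Angular front end, the server-side `CookiePolicyOptions` never sees it, so the `Secure` attribute has to be set where the cookie string is built. The function names, the one-year lifetime and the `SameSite` default are assumptions; the `c=<culture>|uic=<culture>` value is the format ASP.NET Core's `CookieRequestCultureProvider` reads.

```typescript
// ASP.NET Core's CookieRequestCultureProvider.DefaultCookieName.
const CULTURE_COOKIE = '.AspNetCore.Culture';

// Hypothetical options type for this example.
interface CultureCookieOptions {
  maxAgeSeconds?: number;
  sameSite?: 'Lax' | 'Strict' | 'None';
}

// Builds the string a front-end language provider would assign to document.cookie.
function buildCultureCookie(lang: string, opts: CultureCookieOptions = {}): string {
  // Accept only a plain culture tag so the value cannot carry extra cookie attributes.
  if (!/^[A-Za-z]{2,8}(-[A-Za-z0-9]{1,8})*$/.test(lang)) {
    throw new Error(`invalid culture name: ${lang}`);
  }
  const value = encodeURIComponent(`c=${lang}|uic=${lang}`);
  const { maxAgeSeconds = 60 * 60 * 24 * 365, sameSite = 'Lax' } = opts;
  // HttpOnly cannot be set from script, so only Secure and SameSite are added.
  return [
    `${CULTURE_COOKIE}=${value}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    `SameSite=${sameSite}`,
    'Secure',
  ].join('; ');
}

// Returns the attributes a scan would report as missing from a cookie string.
function missingAttributes(cookieString: string): string[] {
  const attrs = cookieString
    .split(';')
    .slice(1) // skip the name=value pair
    .map(a => a.trim().split('=')[0].toLowerCase());
  return ['secure', 'samesite'].filter(name => !attrs.includes(name));
}

// In the browser, inside the overriding provider:
//   document.cookie = buildCultureCookie('en');
```
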