VP-4168: Use Lax same site mode for XSRF-TOkEN cookie (#516)

VirtoCommerce · Aug 14, 2020 · 49fcd2f · 49fcd2f
1 parent cab7ef2
commit 49fcd2f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs b/VirtoCommerce.Storefront/Filters/AngularAntiforgeryCookieResultFilter.cs
@@ -30,7 +30,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
             if (context.Result is ViewResult viewResult && statusCodeReExecuteFeature == null)
             {
                 var tokens = antiforgery.GetAndStoreTokens(context.HttpContext);
-                context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false, IsEssential = true });
+                context.HttpContext.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false, IsEssential = true, SameSite = SameSiteMode.Lax });
             }
         }