Home > Blockchain >  Set cookie not over HTTPS in ASP.NET 5
Set cookie not over HTTPS in ASP.NET 5

Time:02-25

I have two microservices. One is for identity. I am trying to set auth cookie and I have this middleware:

app.UseCookiePolicy(new CookiePolicyOptions
{
    MinimumSameSitePolicy = SameSiteMode.None,
    Secure = CookieSecurePolicy.None,
    HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.None
});

And also this service:

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.None;
        options.Cookie.IsEssential = true;
    });

And also browser throws this warning:

enter image description here

So I want to know if it is possible or not to set cookie not over HTTPS ???

CodePudding user response:

You need to set the cookie over Https, otherwise it will not work.

This is because the Samesite cookie functionality requires that it is done over HTTPs when the cookies reaches the browser.

see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

That says:

Cookies with SameSite=None must now also specify the Secure attribute (they require a secure context/HTTPS).

Page link:https//www.codepudding.com/Blockchain/314118.html

Prev:Dynamically Reading Azure App Configuration in .Net core Web App using .Net 6
Next:How to choose a default tab focus in gnome-terminal?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding