Add UseStrictAndSecureCookies to the security defaults.

Lombiq · Jan 9, 2024 · 889cb22 · 889cb22
1 parent fb99d1e
commit 889cb22
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Lombiq.HelpfulLibraries.OrchardCore/Security/OrchardCoreBuilderExtensions.cs b/Lombiq.HelpfulLibraries.OrchardCore/Security/OrchardCoreBuilderExtensions.cs
@@ -79,7 +79,8 @@ public static OrchardCoreBuilder ConfigureSecurityDefaults(
 
                 app
                     .UseContentSecurityPolicyHeader(allowInlineScript, allowInlineStyle)
-                    .UseNosniffContentTypeOptionsHeader();
+                    .UseNosniffContentTypeOptionsHeader()
+                    .UseStrictAndSecureCookies();
             },
             order: 99); // Makes this service load fairly late. This should make the setup detection more accurate.
         return builder