From dcf919fb36bf65577eaa890f9a2dc545b550befb Mon Sep 17 00:00:00 2001
From: Cody <cody@decacon.com>
Date: Thu, 8 Aug 2024 12:24:42 -0700
Subject: [PATCH] Adds AntiForgery Cookie setting options.Cookie.HttpOnly =
 true;

---
 Oqtane.Server/Startup.cs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index d4bf01610..164d86618 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -100,6 +100,7 @@ public void ConfigureServices(IServiceCollection services)
                 options.Cookie.Name = Constants.AntiForgeryTokenCookieName;
                 options.Cookie.SameSite = SameSiteMode.Strict;
                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                options.Cookie.HttpOnly = true;
             });
 
             services.AddIdentityCore<IdentityUser>(options => { })