From dee89b278b6290a396e35a1b0ed54e5556e4ad8b Mon Sep 17 00:00:00 2001 From: Polianin Nikita Date: Sat, 24 Aug 2024 02:25:29 +0300 Subject: [PATCH] refactor: set HttpOnly for debug mode too --- Endpoint/Controllers/Configuration/SetupController.cs | 4 ++-- Endpoint/Controllers/V1/AuthController.cs | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Endpoint/Controllers/Configuration/SetupController.cs b/Endpoint/Controllers/Configuration/SetupController.cs index 45ba240..86d7edd 100644 --- a/Endpoint/Controllers/Configuration/SetupController.cs +++ b/Endpoint/Controllers/Configuration/SetupController.cs @@ -75,9 +75,9 @@ public partial class SetupController( { Path = UrlHelper.GetSubPathWithoutFirstApiName + "api", Domain = HttpContext.GetCurrentDomain(), + HttpOnly = true, #if !DEBUG - Secure = true, - HttpOnly = true + Secure = true #endif }); return Ok(true); diff --git a/Endpoint/Controllers/V1/AuthController.cs b/Endpoint/Controllers/V1/AuthController.cs index 88154b2..71dd6c3 100644 --- a/Endpoint/Controllers/V1/AuthController.cs +++ b/Endpoint/Controllers/V1/AuthController.cs @@ -31,9 +31,9 @@ public class AuthController(IOptionsSnapshot user, AuthService auth, Pass Expires = expires, Path = UrlHelper.GetSubPathWithoutFirstApiName + "api", Domain = HttpContext.GetCurrentDomain(), + HttpOnly = true, #if !DEBUG - Secure = true, - HttpOnly = true + Secure = true #endif }; @@ -49,9 +49,9 @@ public class AuthController(IOptionsSnapshot user, AuthService auth, Pass [ApiExplorerSettings(IgnoreApi = true)] public void OnActionExecuting(ActionExecutingContext context) { - Ip = context.HttpContext.Connection.RemoteIpAddress?.ToString()!; - UserAgent = context.HttpContext.Request.Headers.UserAgent.ToString(); - Fingerprint = context.HttpContext.Request.Cookies["user_key"] ?? string.Empty; + Ip = HttpContext.Connection.RemoteIpAddress?.ToString()!; + UserAgent = Request.Headers.UserAgent.ToString(); + Fingerprint = Request.Cookies["user_key"] ?? string.Empty; RefreshToken = Request.Cookies["refresh_token"] ?? string.Empty; if (!string.IsNullOrWhiteSpace(Fingerprint)) return;