Added option for oidc to disable https only cookies for deployments using an ip

2026-02-09 12:22:03 +01:00
parent cc7f55c988
commit 4daf986f3e
2 changed files with 7 additions and 0 deletions
--- a/Moonlight.Api/Configuration/OidcOptions.cs
+++ b/Moonlight.Api/Configuration/OidcOptions.cs
@@ -4,6 +4,7 @@ public class OidcOptions
 {
    public string Authority { get; set; }
    public bool RequireHttpsMetadata { get; set; } = true;
+    public bool DisableHttpsOnlyCookies { get; set; }
    public string ResponseType { get; set; } = "code";
    public string[]? Scopes { get; set; }
    public string ClientId { get; set; }
--- a/Moonlight.Api/Startup/Startup.Auth.cs
+++ b/Moonlight.Api/Startup/Startup.Auth.cs
@@ -74,6 +74,12 @@ public partial class Startup
                options.Authority = oidcOptions.Authority;
                options.RequireHttpsMetadata = oidcOptions.RequireHttpsMetadata;

+                if (oidcOptions.DisableHttpsOnlyCookies)
+                {
+                    options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                }
+
                var scopes = oidcOptions.Scopes ?? ["openid", "email", "profile"];

                options.Scope.Clear();