Added option for oidc to disable https only cookies for deployments using an ip

.gitignore

@@ -400,6 +400,7 @@ FodyWeavers.xsd
 # Style builds
 **/style.min.css
 **/package-lock.json
+**/bun.lock
 
 # Secrets
 **/.env

Moonlight.Api/Configuration/OidcOptions.cs

@@ -4,6 +4,7 @@ public class OidcOptions
 {
     public string Authority { get; set; }
     public bool RequireHttpsMetadata { get; set; } = true;
+    public bool DisableHttpsOnlyCookies { get; set; }
     public string ResponseType { get; set; } = "code";
     public string[]? Scopes { get; set; }
     public string ClientId { get; set; }

Moonlight.Api/Http/Controllers/Admin/SetupController.cs

@@ -81,6 +81,8 @@ public class SetupController : Controller
                     
                     Permissions.System.Info,
                     Permissions.System.Diagnose,
+                    Permissions.System.Versions,
+                    Permissions.System.Instance,
                 ]
             });
         }

Moonlight.Api/Startup/Startup.Auth.cs

@@ -74,6 +74,12 @@ public partial class Startup
                 options.Authority = oidcOptions.Authority;
                 options.RequireHttpsMetadata = oidcOptions.RequireHttpsMetadata;
 
+                if (oidcOptions.DisableHttpsOnlyCookies)
+                {
+                    options.NonceCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+                }
+
                 var scopes = oidcOptions.Scopes ?? ["openid", "email", "profile"];
 
                 options.Scope.Clear();