Added 'SameSite=Strict' cookie attribute, reducing overall CSRF attac…

…k surface
Hoan17122003 · May 5, 2022 · 4033c72 · 4033c72
1 parent 11b9f17
commit 4033c72
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/BlogEngine/BlogEngine.NET/Global.asax b/BlogEngine/BlogEngine.NET/Global.asax
@@ -12,4 +12,17 @@
     {
         BlogEngineConfig.SetCulture(sender, e);
     }
+
+    protected void Application_PreSendRequestHeaders ()
+    {
+        var httpContext = HttpContext.Current;
+        if (httpContext != null) {
+            var cookieValueSuffix = "; SameSite=Strict";
+            var cookies = httpContext.Response.Cookies;
+            for (var i = 0; i < cookies.Count; i++)
+            {
+                var cookie = cookies[i]; cookie.Value += cookieValueSuffix;
+            }
+        }
+    }
 </script>