From 827780318a4f41b6feebc031c6a6628cc62a0152 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enes=20Sad=C4=B1k=20=C3=96zbek?= <es.ozbek@outlook.com>
Date: Thu, 24 Sep 2020 17:46:58 +0300
Subject: [PATCH] Set samesite cookie policy to strict. Fixes #5.

---
 src/Startup.cs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Startup.cs b/src/Startup.cs
index b709d1e..b2bf0be 100644
--- a/src/Startup.cs
+++ b/src/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -52,6 +53,11 @@ namespace SteamOpenIdConnectProvider
                 .AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources());
 
             services.AddAuthentication()
+                .AddCookie(options =>
+                {
+                    options.Cookie.SameSite = SameSiteMode.Strict;
+                    options.Cookie.IsEssential = true;
+                })
                 .AddSteam(options =>
                 {
                     options.ApplicationKey = Configuration["Authentication:Steam:ApplicationKey"];