Fix NonceCookie/CorrelationCookie dotnet#44853 (dotnet#45247)

singh733 · web-flow · commit fada626e7f5e · 2022-11-23T08:59:08.000-08:00
diff --git a/src/Security/Authentication/Core/src/RemoteAuthenticationOptions.cs b/src/Security/Authentication/Core/src/RemoteAuthenticationOptions.cs
@@ -26,7 +26,7 @@ public RemoteAuthenticationOptions()
             Name = CorrelationPrefix,
             HttpOnly = true,
             SameSite = SameSiteMode.None,
-            SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            SecurePolicy = CookieSecurePolicy.Always,
             IsEssential = true,
         };
     }
diff --git a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectOptions.cs b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectOptions.cs
@@ -70,7 +70,7 @@ public OpenIdConnectOptions()
             Name = OpenIdConnectDefaults.CookieNoncePrefix,
             HttpOnly = true,
             SameSite = SameSiteMode.None,
-            SecurePolicy = CookieSecurePolicy.SameAsRequest,
+            SecurePolicy = CookieSecurePolicy.Always,
             IsEssential = true,
         };
     }
diff --git a/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectTests.cs b/src/Security/Authentication/test/OpenIdConnect/OpenIdConnectTests.cs
@@ -480,7 +480,7 @@ public void CanCreateOpenIdConnectCookiesFromConfig()
         Assert.Equal(OpenIdConnectDefaults.CookieNoncePrefix, options.NonceCookie.Name);
         Assert.True(options.NonceCookie.IsEssential);
         Assert.True(options.NonceCookie.HttpOnly);
-        Assert.Equal(CookieSecurePolicy.SameAsRequest, options.NonceCookie.SecurePolicy);
+        Assert.Equal(CookieSecurePolicy.Always, options.NonceCookie.SecurePolicy);
         Assert.Equal(TimeSpan.FromMinutes(1), options.BackchannelTimeout);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public RemoteAuthenticationOptions()`
`26`	`26`	`Name = CorrelationPrefix,`
`27`	`27`	`HttpOnly = true,`
`28`	`28`	`SameSite = SameSiteMode.None,`
`29`		`- SecurePolicy = CookieSecurePolicy.SameAsRequest,`
	`29`	`+ SecurePolicy = CookieSecurePolicy.Always,`
`30`	`30`	`IsEssential = true,`
`31`	`31`	`};`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ public OpenIdConnectOptions()`
`70`	`70`	`Name = OpenIdConnectDefaults.CookieNoncePrefix,`
`71`	`71`	`HttpOnly = true,`
`72`	`72`	`SameSite = SameSiteMode.None,`
`73`		`- SecurePolicy = CookieSecurePolicy.SameAsRequest,`
	`73`	`+ SecurePolicy = CookieSecurePolicy.Always,`
`74`	`74`	`IsEssential = true,`
`75`	`75`	`};`
`76`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -480,7 +480,7 @@ public void CanCreateOpenIdConnectCookiesFromConfig()`
`480`	`480`	`Assert.Equal(OpenIdConnectDefaults.CookieNoncePrefix, options.NonceCookie.Name);`
`481`	`481`	`Assert.True(options.NonceCookie.IsEssential);`
`482`	`482`	`Assert.True(options.NonceCookie.HttpOnly);`
`483`		`- Assert.Equal(CookieSecurePolicy.SameAsRequest, options.NonceCookie.SecurePolicy);`
	`483`	`+ Assert.Equal(CookieSecurePolicy.Always, options.NonceCookie.SecurePolicy);`
`484`	`484`	`Assert.Equal(TimeSpan.FromMinutes(1), options.BackchannelTimeout);`
`485`	`485`	`}`
`486`	`486`