Feedbackg

JunTaoLuo · JunTaoLuo · commit 2cb0135cf640 · 2017-05-26T01:21:07.000-07:00
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -62,7 +62,7 @@ public OpenIdConnectHandler(IOptionsSnapshot<OpenIdConnectOptions> options, ILog
         }
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new OpenIdConnectEvents Events
@@ -892,7 +892,7 @@ private void WriteNonceCookie(string nonce)
                 new CookieOptions
                 {
                     HttpOnly = true,
-                    SameSite = Http.SameSiteMode.Strict,
+                    SameSite = Http.SameSiteMode.Lax,
                     Secure = Request.IsHttps,
                     Expires = Clock.UtcNow.Add(Options.ProtocolValidator.NonceLifetime)
                 });
@@ -924,7 +924,7 @@ private string ReadNonceCookie(string nonce)
                             var cookieOptions = new CookieOptions
                             {
                                 HttpOnly = true,
-                                SameSite = Http.SameSiteMode.Strict,
+                                SameSite = Http.SameSiteMode.Lax,
                                 Secure = Request.IsHttps
                             };
 
diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs
@@ -31,7 +31,7 @@ internal class TwitterHandler : RemoteAuthenticationHandler<TwitterOptions>
         private HttpClient Backchannel => Options.Backchannel;
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new TwitterEvents Events
@@ -83,7 +83,7 @@ protected override async Task<AuthenticateResult> HandleRemoteAuthenticateAsync(
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Strict,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
 
@@ -154,7 +154,7 @@ protected override async Task HandleChallengeAsync(AuthenticationProperties prop
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Strict,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs
@@ -12,7 +12,7 @@
 
 namespace Microsoft.AspNetCore.Authentication
 {
-    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler 
+    public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHandler<TOptions>, IAuthenticationRequestHandler
         where TOptions : RemoteAuthenticationOptions, new()
     {
         private const string CorrelationPrefix = ".AspNetCore.Correlation.";
@@ -25,7 +25,7 @@ public abstract class RemoteAuthenticationHandler<TOptions> : AuthenticationHand
         protected string SignInScheme => Options.SignInScheme;
 
         /// <summary>
-        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring.
         /// If it is not provided a default instance is supplied which does nothing when the methods are called.
         /// </summary>
         protected new RemoteAuthenticationEvents Events
@@ -203,7 +203,7 @@ protected virtual void GenerateCorrelationId(AuthenticationProperties properties
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Strict,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps,
                 Expires = Clock.UtcNow.Add(Options.RemoteAuthenticationTimeout),
             };
@@ -243,7 +243,7 @@ protected virtual bool ValidateCorrelationId(AuthenticationProperties properties
             var cookieOptions = new CookieOptions
             {
                 HttpOnly = true,
-                SameSite = SameSiteMode.Strict,
+                SameSite = SameSiteMode.Lax,
                 Secure = Request.IsHttps
             };
             Response.Cookies.Delete(cookieName, cookieOptions);
