Documentation Clarity in the "CookieSecurePolicy" in the AntiForgeryOptions

[akshita31]

The AntiForgeryOptions say that the default CookieSecurePolicy in "None". However, the "CookieSecurePolicy" enum says that the default value is "SameAsRequest". While working with the project I navigated to the "CookieSecurePolicy" and assumed that the default must be "SameAsRequest".

I am not sure whether this is really an issue or it is a common scenario where we create default objects with the enum types that don't use the default enum value, but I thought it might be worth to bring to your notice if it somehow got ignored.

[Tratcher]

The docs on CookieSecurePolicy are outdated, they were written at a time when that enum was only used in the authentication components. AntiForgery has chosen different defaults more suited to its scenarios.

[kharai-tor]

@Tratcher

Sent a PR for this - #4542 but some of the CI tasks were unsuccessful, however this is only just a comment update and it doesn't require a build to check whether everything's fine.

I'm not sure how to rerun CI or what else to do from this point forward so I'd appreciate some advice.

Thanks.