From 6b8dd9bf0302511265fe83e1f76df5656079a2f3 Mon Sep 17 00:00:00 2001
From: sbwalker <shaun.walker@siliqon.com>
Date: Thu, 28 Mar 2024 14:23:13 -0400
Subject: [PATCH] fix #4075 - auth cookie being rejected under some scenarios -
 change from Strict to Lax to match latest .NET Identity configuration

---
 Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
index 635b67239..19eb4cbe3 100644
--- a/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneServiceCollectionExtensions.cs
@@ -157,7 +157,7 @@ public static IServiceCollection ConfigureOqtaneCookieOptions(this IServiceColle
             services.ConfigureApplicationCookie(options =>
             {
                 options.Cookie.HttpOnly = true;
-                options.Cookie.SameSite = SameSiteMode.Strict;
+                options.Cookie.SameSite = SameSiteMode.Lax;
                 options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
                 options.Events.OnRedirectToLogin = context =>
                 {