Blazor.Auth

Make user cookies HttpOnly and Secure

Open YuriyDurov opened this issue 1 year ago • 0 comments

Requires #11 to be completed before anything described here

  1. Make user cookies HttpOnly and Secure in order to prevent XSS attacks (requires additional Cookies implementation for HttpOnly and Secure cookie flags)
  2. Split BlazorAuthenticationStateProvider into InteractiveWasmAuthenticationStateProvider and InteractiveServerAuthenticationStateProvider.
  3. Extract ServerSideAuthenticationStateService which will be used in the server-side endpoint for InteractiveWasmAuthenticationStateProvider, as well as in the InteractiveServerAuthenticationStateProvider to parse the user's cookies and generate AuthenticationState.
  4. Implement InteractiveWasmAuthenticationStateProvider which will retrieve the user's AuthenticationState by sending a request to the Blazor server, instead of directly accessing user's cookies via JS Interop. [Sequence diagram required]
  5. Implement InteractiveServerAuthenticationStateProvider which will retrieve the user's Cookies by requesting client's browser JS to make an HTTP call to the server: interactive-server

YuriyDurov, Apr 10 '24 10:04
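The flow in items 1 and 4 can be sketched as below; this is an added example, not code from the issue or from Blazor.Auth. Because an HttpOnly cookie cannot be read from script or JS Interop, the WebAssembly client has to ask the server for the resulting state. The route names, cookie name, DTOs, the in-memory session store and the `SketchWasmAuthStateProvider` class are assumptions, and a same-origin ASP.NET Core (.NET 8) host is assumed.

```csharp
// Added illustration, not Blazor.Auth code. Routes, cookie name and DTOs are hypothetical.
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Components.Authorization;

var app = WebApplication.CreateBuilder(args).Build();
var sessions = new ConcurrentDictionary<string, AuthStateDto>(); // in-memory store for the demo
const string CookieName = "session";                             // hypothetical cookie name

app.MapPost("/auth/sign-in", (HttpContext ctx, SignInRequest req) =>
{
    // Constructed demo check; a real app verifies credentials against its user store.
    if (req.User != "demo" || req.Password != "demo-password") return Results.Unauthorized();
    var id = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // opaque session id
    sessions[id] = new AuthStateDto(true, req.User, new[] { "User" });
    ctx.Response.Cookies.Append(CookieName, id, new CookieOptions
    {
        HttpOnly = true,                 // not readable via document.cookie or JS Interop
        Secure = true,                   // only sent over HTTPS
        SameSite = SameSiteMode.Strict   // not attached to cross-site requests
    });
    return Results.NoContent();
});

// The server parses the cookie; the client only ever receives the derived state.
app.MapGet("/auth/state", (HttpContext ctx) =>
    ctx.Request.Cookies.TryGetValue(CookieName, out var id) && sessions.TryGetValue(id, out var state)
        ? Results.Json(state)
        : Results.Json(new AuthStateDto(false, null, Array.Empty<string>())));

app.Run();

public record SignInRequest(string User, string Password);
public record AuthStateDto(bool IsAuthenticated, string? Name, string[] Roles);

// Belongs in the WebAssembly client project; kept here so the example is a single file.
public sealed class SketchWasmAuthStateProvider(HttpClient http) : AuthenticationStateProvider
{
    public override async Task<AuthenticationState> GetAuthenticationStateAsync()
    {
        // Same-origin request: the browser attaches the HttpOnly cookie on its own.
        var dto = await http.GetFromJsonAsync<AuthStateDto>("auth/state");
        if (dto is not { IsAuthenticated: true }) return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity()));
        var claims = dto.Roles.Select(r => new Claim(ClaimTypes.Role, r)).Append(new Claim(ClaimTypes.Name, dto.Name ?? ""));
        return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(claims, "ServerCookie")));
    }
}
```

The state returned to the client is for rendering only; authorization decisions still have to be enforced on the server, where the cookie is actually validated.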