Jasmin Savard

That, or remove the service injection in the Layout Razor templates in a custom theme if you don't want to have Theming enabled.

Yes, because we need it. But if someone doesn't then it is injected in a Razor view so it can be disposed of. I don't think we should make the...

hmm, I'm thinking that it is maybe related with the response object itself and the way it parses it? Because you can definitely see that I'm getting an undefined response...

Ok, it will take some time but I will give you some repro code once I get everything moved back to an open source project I'm working on. For now,...

My bad I pushed directly to main branch the dockerfiles. If you want me to revert the commit let me know but these should be fine. We should probably not...

@sarahelsaig Do you know something in Lombiq Nuget packages that could enforce SSL on AntiforgeryToken. I've found nothing in this repository?

If anyone has time to try this and report if they at least can repro the issue that be appreciated. I will take a look at Lombiq repositories to find...

More on this. First, I made it work locally with a self signed certificate using a docker-compose.yml file and Microsoft documentation about how to run an aspnet core application under...

Here if we look at this enum: https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.http.cookiesecurepolicy?view=aspnetcore-9.0 Normally the default should be "SameAsRequest" which has been changed to "Always" somewhere in OCC which is the issue.

So I found what triggers this. ConfigureSecurityDefaultsWithStaticFiles in Program.cs  This here. Why is it necessary to be enforced if when it is set to "SameAsRequest" it will use proper...