From 35d021237ec49ee317248312171c41388605f823 Mon Sep 17 00:00:00 2001
From: elitsa
Date: Wed, 11 Dec 2019 14:33:21 +0100
Subject: [PATCH] Added a cookie path claim on user login, so that we can validate requests for xsrf token
---
 .../Security/BackOfficeCookieAuthenticationProvider.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
index e7aef4be03..ed6abb3fbe 100644
--- a/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
+++ b/src/Umbraco.Web/Security/BackOfficeCookieAuthenticationProvider.cs
@@ -41,6 +41,9 @@ namespace Umbraco.Web.Security
 : Guid.NewGuid();
 backOfficeIdentity.SessionId = session.ToString();
+
+ //since it is a cookie-based authentication add that claim
+ backOfficeIdentity.AddClaim(new Claim(ClaimTypes.CookiePath, "/", ClaimValueTypes.String, UmbracoBackOfficeIdentity.Issuer, UmbracoBackOfficeIdentity.Issuer, backOfficeIdentity));
 }
 base.ResponseSignIn(context);
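Review bot: The added `AddClaim` call hard-codes the claim value `"/"`, and its comment does not say what consumes the claim, although the subject line implies that XSRF token validation depends on it. If that validation is gated on the claim being present, the consuming check (outside this hunk) should fail closed for cookie-authenticated identities that lack it, such as tickets issued before this change. That is worth confirming and recording in the comment, e.g. `// Marks the identity as cookie-authenticated; XSRF token validation relies on this claim being present`. Taking the value from the configured cookie path (`context.Options.CookiePath`) instead of a literal would keep the claim accurate if the path ever changes, and a `HasClaim(c => c.Type == ClaimTypes.CookiePath)` guard would avoid a duplicate claim on an identity that already carries one. The enclosing method starts before the hunk, so the availability of `context.Options` at this point is inferred from the `base.ResponseSignIn(context)` call.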