ba7d550a74
* Move access/refresh tokens to secure cookies (#20779) * feat: adds the `credentials: include` header to all manual requests * feat: adds `credentials: include` as a configurable option to xhr requests (and sets it by default to true) * feat: configures the auto-generated fetch client from hey-api to include credentials by default * Add OpenIddict handler to hide tokens from the back-office client * Make back-office token redaction optional (default false) * Clear back-office token cookies on logout * Add configuration for backoffice cookie settings * Make cookies forcefully secure + move cookie handler enabling to the BackOfficeTokenCookieSettings * Use the "__Host-" prefix for cookie names * docs: adds documentation on cookie settings * build: sets up launch profile for vscode with new cookie recommended settings * docs: adds extra note around SameSite settings * docs: adds extra note around SameSite settings * Respect sites that do not use HTTPS * Explicitly invalidate potentially valid, old refresh tokens that should no longer be used * Removed obsolete const --------- Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> * Remove configuration option * Invalidate all existing access tokens on upgrade * docs: updates recommended settings for development * build: removes non-existing variable * Skip flaky test * Bumped version of our test helpers to fix failing tests --------- Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com> Co-authored-by: Andreas Zerbst <andr317c@live.dk>
Umbraco CMS
Umbraco is a free and open source .NET content management system. Our mission is to help you deliver delightful digital experiences by making Umbraco friendly, simpler and social.
Learn more at umbraco.com
Looking to install Umbraco?
You can get started using the following commands on Windows, Linux and MacOS (after installing the .NET Runtime and SDK):
dotnet new install Umbraco.Templates
dotnet new umbraco --name MyProject
cd MyProject
dotnet run
Documentation
Our comprehensive documentation takes you from the fundamentals on how to start with Umbraco to deploying it to production.
Some important documentation links to get you started:
- Installing Umbraco CMS
- Getting to know Umbraco
- Tutorials for creating a basic website and customizing the editing experience
Get help
If you need a bit of feedback while building your Umbraco projects, we are chatty on Discord. Our Discord server serves as a social space for all Umbracians. If you have any questions or need some help with a problem, head over to our dedicated forum where the Umbraco Community will be happy to help.
Looking to contribute back to Umbraco?
You came to the right place! Our GitHub repository is available for all kinds of contributions:
Umbraco is contribution-focused and community-driven. If you want to contribute back to the Umbraco source code, please check out our guide to contributing.