From 9cb1c9eef9317bb635413ebe4e3dbff5c93a54a4 Mon Sep 17 00:00:00 2001
From: ericuss <etorreg@gmail.com>
Date: Thu, 2 Apr 2020 14:17:34 +0200
Subject: [PATCH] Error fixed, applied the cookie policy to lax mode

---
 src/Services/Identity/Identity.API/Startup.cs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Services/Identity/Identity.API/Startup.cs b/src/Services/Identity/Identity.API/Startup.cs
index 7533e5ff3..0053cf3ae 100644
--- a/src/Services/Identity/Identity.API/Startup.cs
+++ b/src/Services/Identity/Identity.API/Startup.cs
@@ -154,6 +154,11 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API
             app.UseForwardedHeaders();
             // Adds IdentityServer
             app.UseIdentityServer();
+
+            // Fix a problem with chrome. Chrome enabled a new feature "Cookies without SameSite must be secure", 
+            // the coockies shold be expided from https, but in eShop, the internal comunicacion in aks and docker compose is http.
+            // To avoid this problem, the policy of cookies shold be in Lax mode.
+            app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = AspNetCore.Http.SameSiteMode.Lax });
             app.UseRouting();
             app.UseEndpoints(endpoints =>
             {