Feat: Ajustes de seguridad

2026-01-30 11:18:56 -03:00
parent 32cf2ba74a
commit 8f6f8d4500
10 changed files with 179 additions and 207 deletions


@@ -11,7 +11,7 @@ namespace MotoresArgentinosV2.API.Controllers;
[ApiController]
[Route("api/[controller]")]
// CORRECCIÓN: Se quitó [EnableRateLimiting("AuthPolicy")] de aquí para no bloquear /me ni /logout
[EnableRateLimiting("AuthPolicy")]
public class AuthController : ControllerBase
{
private readonly IIdentityService _identityService;
@@ -33,7 +33,7 @@ public class AuthController : ControllerBase
var cookieOptions = new CookieOptions
{
HttpOnly = true, // Seguridad: JS no puede leer esto
Expires = DateTime.UtcNow.AddDays(7),
Expires = DateTime.UtcNow.AddMinutes(15),
Secure = true, // Solo HTTPS (localhost con https cuenta)
SameSite = SameSiteMode.Strict,
IsEssential = true
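Review bot: The controller-level `[EnableRateLimiting("AuthPolicy")]` on line 15 appears to reinstate exactly what the dropped comment on the line before it says was removed so that `/me` and `/logout` would not be throttled, so those session endpoints are subject to the auth policy again (assuming the printed order is old line then new line, which this page does not mark). If the goal is to limit only credential-handling actions, move the attribute onto the Login/Register actions, or keep it on the class and mark the session endpoints with `[DisableRateLimiting]`; the old reasoning should be replaced rather than silently dropped, e.g. `// Rate limit covers the whole controller; /me and /logout are exempted with [DisableRateLimiting]`. The cookie change in the second hunk (`Expires = DateTime.UtcNow.AddMinutes(15)`) is only effective if the token it carries has the same lifetime, which is decided outside this section. AuthController's body and its action methods continue past the hunk.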