Added comments

Tiago Brenck · Tiago Brenck · commit c0e2ad5cc84f · 2020-01-16T10:05:40.000-08:00
diff --git a/1-WebApp-OIDC/1-1-MyOrg/Startup.cs b/1-WebApp-OIDC/1-1-MyOrg/Startup.cs
@@ -27,6 +27,7 @@ public void ConfigureServices(IServiceCollection services)
                 // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                 options.CheckConsentNeeded = context => true;
                 options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
+                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
                 options.HandleSameSiteCookieCompatibility();
             });
 
diff --git a/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs b/Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs
@@ -163,11 +163,24 @@ public static IServiceCollection AddMsal(this IServiceCollection services, IConf
             return services;
         }
 
+        /// <summary>
+        /// Handles SameSite cookie issue according to the https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1.
+        /// The default list of user-agents that disallow SameSite None, was taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
+        /// </summary>
+        /// <param name="options"></param>
+        /// <returns></returns>
         public static CookiePolicyOptions HandleSameSiteCookieCompatibility(this CookiePolicyOptions options)
         {
             return HandleSameSiteCookieCompatibility(options, DisallowsSameSiteNone);
         }
 
+        /// <summary>
+        /// Handles SameSite cookie issue according to the docs: https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
+        /// The default list of user-agents that disallow SameSite None, was taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
+        /// </summary>
+        /// <param name="options"></param>
+        /// <param name="disallowsSameSiteNone">If you dont want to use the default user-agent list implementation, the method sent in this parameter will be run against the user-agent and if returned true, SameSite value will be set to Unspecified. The default user-agent list used can be found at: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/</param>
+        /// <returns></returns>
         public static CookiePolicyOptions HandleSameSiteCookieCompatibility(this CookiePolicyOptions options, Func<string, bool> disallowsSameSiteNone)
         {
             options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
@@ -190,6 +203,7 @@ private static void CheckSameSite(HttpContext httpContext, CookieOptions options
             }
         }
 
+        // Method taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
         public static bool DisallowsSameSiteNone(string userAgent)
         {
             // Cover all iOS based browsers here. This includes:

Original file line number	Diff line number	Diff line change
`@@ -163,11 +163,24 @@ public static IServiceCollection AddMsal(this IServiceCollection services, IConf`
`163`	`163`	`return services;`
`164`	`164`	`}`
`165`	`165`
	`166`	`+ /// <summary>`
	`167`	`+ /// Handles SameSite cookie issue according to the https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1.`
	`168`	`+ /// The default list of user-agents that disallow SameSite None, was taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/`
	`169`	`+ /// </summary>`
	`170`	`+ /// <param name="options"></param>`
	`171`	`+ /// <returns></returns>`
`166`	`172`	`public static CookiePolicyOptions HandleSameSiteCookieCompatibility(this CookiePolicyOptions options)`
`167`	`173`	`{`
`168`	`174`	`return HandleSameSiteCookieCompatibility(options, DisallowsSameSiteNone);`
`169`	`175`	`}`
`170`	`176`
	`177`	`+ /// <summary>`
	`178`	`+ /// Handles SameSite cookie issue according to the docs: https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1`
	`179`	`+ /// The default list of user-agents that disallow SameSite None, was taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/`
	`180`	`+ /// </summary>`
	`181`	`+ /// <param name="options"></param>`
	`182`	`+ /// <param name="disallowsSameSiteNone">If you dont want to use the default user-agent list implementation, the method sent in this parameter will be run against the user-agent and if returned true, SameSite value will be set to Unspecified. The default user-agent list used can be found at: https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/</param>`
	`183`	`+ /// <returns></returns>`
`171`	`184`	`public static CookiePolicyOptions HandleSameSiteCookieCompatibility(this CookiePolicyOptions options, Func<string, bool> disallowsSameSiteNone)`
`172`	`185`	`{`
`173`	`186`	`options.MinimumSameSitePolicy = SameSiteMode.Unspecified;`
`@@ -190,6 +203,7 @@ private static void CheckSameSite(HttpContext httpContext, CookieOptions options`
`190`	`203`	`}`
`191`	`204`	`}`
`192`	`205`
	`206`	`+ // Method taken from https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/`
`193`	`207`	`public static bool DisallowsSameSiteNone(string userAgent)`
`194`	`208`	`{`
`195`	`209`	`// Cover all iOS based browsers here. This includes:`