Warn for external site permissions

src/Client/src/app/pages/account/login/login.component.html

@@ -1,4 +1,14 @@
 <div class="center">
+
+  <div class="big-frame">
+    <h1>Your logging into</h1>
+    @if (returnURL == '/'){
+      <h2>https://auth.mistox.com</h2>
+    } @else {
+      <h2>{{ this.returnURL }}</h2>
+    }
+  </div>
+
   <form class="big-frame" #accountForm="ngForm" (ngSubmit)="onSubmit()">
     <h3>Login</h3>
 
@@ -35,6 +45,13 @@
         }
       </ul>
     }
-    
   </form>
+
+  @if (returnURL != '/') {
+    <div class="big-frame" style="width: 600px;">
+      <h1>WARNING</h1>
+      <h2>By signing in you are giving the remote website access to your profile. They will not have access to your credentials but will have access to your account data.</h2>
+    </div>
+  }
+
 </div>

src/Client/src/app/pages/account/login/login.component.ts

@@ -43,7 +43,7 @@ export class LoginComponent {
     }
 
     this.errorMsgs.push("Waiting for response from server");
-    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn }, { responseType: 'text' } ).subscribe({
+    this.http.post( "api/auth/login", { "UserName": this.UserName, "Password": this.Password, "StayLoggedIn": this.StayLoggedIn, "SameSite": (this.returnURL == '/') }, { responseType: 'text' } ).subscribe({
       next: data => {
         this.errorMsgs = [ "Login Token: " + data ];
         window.location.href = this.returnURL + "?LoginToken=" + data;