Fix HTTP 500 login error: Configure anti-forgery and routing for proxy
- Re-enabled ValidateAntiForgeryToken attribute
- Configured anti-forgery for proxy environments with SameAsRequest
- Fixed area routing order and constraints
- Added proper forwarded headers middleware
parent
2fb173696e
commit
96a4c178bb
@ -28,7 +28,7 @@ public class AccountController : Controller
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
// [ValidateAntiForgeryToken] // Temporarily disabled for HTTPS proxy issue
|
||||
[ValidateAntiForgeryToken]
|
||||
public async Task<IActionResult> Login(string username, string password)
|
||||
{
|
||||
Console.WriteLine($"Received Username: '{username}', Password: '{password}'");
|
||||
|
||||
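Review bot: The `Console.WriteLine` call at the top of `Login` writes the submitted password in clear text to standard output, so every login attempt leaves credentials in console and container logs; this commit re-enables the anti-forgery check but leaves that line in place. Remove the line, or log only that an attempt happened, e.g. `_logger.LogInformation("Login attempt received");` if the controller has an injected logger (not visible here). Logs already collected from this action should be treated as containing passwords. The body of `Login` continues past the end of the hunk.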
@ -27,6 +27,10 @@ builder.Services.AddAntiforgery(options =>
|
||||
{
|
||||
options.HeaderName = "X-CSRF-TOKEN";
|
||||
options.FormFieldName = "__RequestVerificationToken";
|
||||
options.SuppressXFrameOptionsHeader = false;
|
||||
// Required for HTTPS proxy scenarios
|
||||
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
|
||||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
|
||||
});
|
||||
|
||||
// Database
|
||||
@ -264,16 +268,17 @@ app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
|
||||
// Configure routing
|
||||
app.MapControllerRoute(
|
||||
name: "admin",
|
||||
pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}",
|
||||
defaults: new { area = "Admin" }
|
||||
);
|
||||
|
||||
app.MapControllerRoute(
|
||||
name: "areas",
|
||||
pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}");
|
||||
|
||||
app.MapControllerRoute(
|
||||
name: "admin",
|
||||
pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}",
|
||||
defaults: new { area = "Admin" },
|
||||
constraints: new { area = "Admin" }
|
||||
);
|
||||
|
||||
app.MapControllerRoute(
|
||||
name: "default",
|
||||
pattern: "{controller=Home}/{action=Index}/{id?}");
|
||||
|
||||
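Review bot: `options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest` in the `AddAntiforgery` hunk lets the anti-forgery cookie be issued without the `Secure` attribute whenever the app sees the request as plain HTTP, which is the case behind a TLS-terminating proxy unless the forwarded scheme is applied first. The commit message mentions forwarded headers middleware, but it is not in the hunks shown; if `app.UseForwardedHeaders()` runs at the start of the pipeline with `ForwardedHeaders.XForwardedProto` and a restricted list of known proxies, the request is seen as HTTPS and the setting can return to `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;`. The comment `// Required for HTTPS proxy scenarios` would be more useful if it named which proxy terminates TLS and why the policy was relaxed.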