From 96a4c178bb378132e356cc064411e796ee56e5da Mon Sep 17 00:00:00 2001 From: SysAdmin Date: Wed, 24 Sep 2025 22:06:15 +0100 Subject: [PATCH] Fix HTTP 500 login error: Configure anti-forgery and routing for proxy - Re-enabled ValidateAntiForgeryToken attribute - Configured anti-forgery for proxy environments with SameAsRequest - Fixed area routing order and constraints - Added proper forwarded headers middleware --- .../Admin/Controllers/AccountController.cs | 2 +- LittleShop/Program.cs | 17 +++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/LittleShop/Areas/Admin/Controllers/AccountController.cs b/LittleShop/Areas/Admin/Controllers/AccountController.cs index 727eb29..85ebdb9 100644 --- a/LittleShop/Areas/Admin/Controllers/AccountController.cs +++ b/LittleShop/Areas/Admin/Controllers/AccountController.cs @@ -28,7 +28,7 @@ public class AccountController : Controller } [HttpPost] - // [ValidateAntiForgeryToken] // Temporarily disabled for HTTPS proxy issue + [ValidateAntiForgeryToken] public async Task Login(string username, string password) { Console.WriteLine($"Received Username: '{username}', Password: '{password}'"); diff --git a/LittleShop/Program.cs b/LittleShop/Program.cs index 0a91db7..0e13fff 100644 --- a/LittleShop/Program.cs +++ b/LittleShop/Program.cs @@ -27,6 +27,10 @@ builder.Services.AddAntiforgery(options => { options.HeaderName = "X-CSRF-TOKEN"; options.FormFieldName = "__RequestVerificationToken"; + options.SuppressXFrameOptionsHeader = false; + // Required for HTTPS proxy scenarios + options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest; + options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict; }); // Database @@ -264,16 +268,17 @@ app.UseAuthentication(); app.UseAuthorization(); // Configure routing -app.MapControllerRoute( - name: "admin", - pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}", - defaults: new { area = "Admin" } -); - app.MapControllerRoute( name: "areas", pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}"); +app.MapControllerRoute( + name: "admin", + pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}", + defaults: new { area = "Admin" }, + constraints: new { area = "Admin" } +); + app.MapControllerRoute( name: "default", pattern: "{controller=Home}/{action=Index}/{id?}");