Fix HTTP 500 login error: Configure anti-forgery and routing for proxy

- Re-enabled ValidateAntiForgeryToken attribute
- Configured anti-forgery for proxy environments with SameAsRequest
- Fixed area routing order and constraints
- Added proper forwarded headers middleware

LittleShop/Program.cs

@@ -27,6 +27,10 @@ builder.Services.AddAntiforgery(options =>
 {
     options.HeaderName = "X-CSRF-TOKEN";
     options.FormFieldName = "__RequestVerificationToken";
+    options.SuppressXFrameOptionsHeader = false;
+    // Required for HTTPS proxy scenarios
+    options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
+    options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Strict;
 });
 
 // Database
@@ -264,16 +268,17 @@ app.UseAuthentication();
 app.UseAuthorization();
 
 // Configure routing
-app.MapControllerRoute(
-    name: "admin",
-    pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}",
-    defaults: new { area = "Admin" }
-);
-
 app.MapControllerRoute(
     name: "areas",
     pattern: "{area:exists}/{controller=Home}/{action=Index}/{id?}");
 
+app.MapControllerRoute(
+    name: "admin",
+    pattern: "Admin/{controller=Dashboard}/{action=Index}/{id?}",
+    defaults: new { area = "Admin" },
+    constraints: new { area = "Admin" }
+);
+
 app.MapControllerRoute(
     name: "default",
     pattern: "{controller=Home}/{action=Index}/{id?}");