diff --git a/src/dotnet/QuantEngine.Web/Pages/Account/Login.cshtml.cs b/src/dotnet/QuantEngine.Web/Pages/Account/Login.cshtml.cs index 0f0e22d..03295a9 100644 --- a/src/dotnet/QuantEngine.Web/Pages/Account/Login.cshtml.cs +++ b/src/dotnet/QuantEngine.Web/Pages/Account/Login.cshtml.cs @@ -42,9 +42,10 @@ namespace QuantEngine.Web.Pages.Account try { var loginRequest = new { Username = username, Password = password }; - var scheme = string.IsNullOrWhiteSpace(Request.Scheme) ? "http" : Request.Scheme; - var host = Request.Host.HasValue ? Request.Host.Value : "localhost:5265"; - var requestUri = $"{scheme}://{host}/api/auth/login"; + // Always call the internal API directly to avoid Cloudflare proxy interference. + // Request.Host / Request.Scheme must NOT be used here — they resolve to the external + // domain which causes the self-call to go out through Cloudflare and return 400. + var requestUri = "http://localhost:5265/api/auth/login"; var response = await _httpClient.PostAsJsonAsync(requestUri, loginRequest); if (response.IsSuccessStatusCode)