From dd660ef4b3dd1b786d89541c070f568b430cdc8c Mon Sep 17 00:00:00 2001
From: kjh2064
Date: Sat, 4 Jul 2026 02:55:23 +0900
Subject: [PATCH] fix: add Antiforgery cookie configuration for Nginx proxy HTTPS

- Add SameSite=Lax to session cookie
- Add SecurePolicy=SameAsRequest for proxy compatibility
- Explicitly configure Antiforgery cookie with same settings
- Resolves antiforgery token validation failures on HTTPS
This fixes the "required antiforgery cookie is not present" error that occurs when behind Nginx reverse proxy with HTTPS.
Co-Authored-By: Claude Haiku 4.5
---
 src/TaxBaik.Web/Program.cs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/TaxBaik.Web/Program.cs b/src/TaxBaik.Web/Program.cs
index 4702b3b..1b8807e 100644
--- a/src/TaxBaik.Web/Program.cs
+++ b/src/TaxBaik.Web/Program.cs
@@ -106,9 +106,20 @@ builder.Services.AddSession(options =>
 options.Cookie.HttpOnly = true;
 options.Cookie.IsEssential = true;
 options.Cookie.Name = "TaxBaik.SessionId";
+ options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
+ options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
 });
 builder.Services.AddDistributedMemoryCache();
-// TempData는 기본적으로 쿠키 저장소 사용 (여기서 명시적 설정)
+
+// Antiforgery 쿠키 설정 (Nginx 프록시 뒤 HTTPS 지원)
+builder.Services.AddAntiforgery(options =>
+{
+ options.Cookie.HttpOnly = true;
+ options.Cookie.IsEssential = true;
+ options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
+ options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
+});
+// TempData는 기본적으로 쿠키 저장소 사용 (위 세션 설정 상속)
 
 // JWT 인증
 var connectionString = builder.Configuration.GetConnectionString("Default")
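Review bot: `CookieSecurePolicy.SameAsRequest` on both the session cookie (in `AddSession`) and the new `AddAntiforgery` block ties the `Secure` attribute to the scheme the app itself sees, and behind a TLS-terminating Nginx that is plain HTTP unless forwarded headers are processed, so both cookies can be issued without `Secure`. Nothing in this hunk shows `UseForwardedHeaders` / `X-Forwarded-Proto` handling; if it is missing, that is the more likely root cause of the missing-cookie error, and I would configure it with the proxy registered as a known proxy and then set `options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;` outside development. The antiforgery cookie's `SameSite` also moves from the framework default `Strict` to `Lax` here, which deserves a one-line justification in the comment above the block. The new comment saying TempData inherits the session settings looks inaccurate, since the cookie TempData provider is configured through its own `CookieTempDataProviderOptions`. The `AddSession` lambda opens before the hunk, so its earlier options are not visible here.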