fix: simplify cookie configuration - remove duplicate Antiforgery setup
TaxBaik CI/CD / build-and-deploy (push) Failing after 1m1s

- Remove explicit AddAntiforgery (already auto-registered)
- Keep only session cookie with SameSite=Lax
- Rely on UseForwardedHeaders for proxy HTTPS detection

ASP.NET Core automatically registers Antiforgery, so explicit
configuration causes duplicate setup. Simplified to essential
cookie settings only.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
2026-07-04 02:56:13 +09:00
parent dd660ef4b3
commit ef484c41a4
-10
View File
@@ -107,18 +107,8 @@ builder.Services.AddSession(options =>
options.Cookie.IsEssential = true;
options.Cookie.Name = "TaxBaik.SessionId";
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
});
builder.Services.AddDistributedMemoryCache();
// Antiforgery 쿠키 설정 (Nginx 프록시 뒤 HTTPS 지원)
builder.Services.AddAntiforgery(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
});
// TempData는 기본적으로 쿠키 저장소 사용 (위 세션 설정 상속)
// JWT 인증