fix: simplify cookie configuration - remove duplicate Antiforgery setup
TaxBaik CI/CD / build-and-deploy (push) Failing after 1m1s
TaxBaik CI/CD / build-and-deploy (push) Failing after 1m1s
- Remove explicit AddAntiforgery (already auto-registered) - Keep only session cookie with SameSite=Lax - Rely on UseForwardedHeaders for proxy HTTPS detection ASP.NET Core automatically registers Antiforgery, so explicit configuration causes duplicate setup. Simplified to essential cookie settings only. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -107,18 +107,8 @@ builder.Services.AddSession(options =>
|
||||
options.Cookie.IsEssential = true;
|
||||
options.Cookie.Name = "TaxBaik.SessionId";
|
||||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
|
||||
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
|
||||
});
|
||||
builder.Services.AddDistributedMemoryCache();
|
||||
|
||||
// Antiforgery 쿠키 설정 (Nginx 프록시 뒤 HTTPS 지원)
|
||||
builder.Services.AddAntiforgery(options =>
|
||||
{
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.IsEssential = true;
|
||||
options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
|
||||
options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
|
||||
});
|
||||
// TempData는 기본적으로 쿠키 저장소 사용 (위 세션 설정 상속)
|
||||
|
||||
// JWT 인증
|
||||
|
||||
Reference in New Issue
Block a user