From ef484c41a4ca6d2ac8acc5719e263ad95eb80067 Mon Sep 17 00:00:00 2001
From: kjh2064
Date: Sat, 4 Jul 2026 02:56:13 +0900
Subject: [PATCH] fix: simplify cookie configuration - remove duplicate Antiforgery setup
- Remove explicit AddAntiforgery (already auto-registered)
- Keep only session cookie with SameSite=Lax
- Rely on UseForwardedHeaders for proxy HTTPS detection
ASP.NET Core automatically registers Antiforgery, so explicit configuration causes duplicate setup. Simplified to essential cookie settings only.
Co-Authored-By: Claude Haiku 4.5
---
 src/TaxBaik.Web/Program.cs | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/src/TaxBaik.Web/Program.cs b/src/TaxBaik.Web/Program.cs
index 1b8807e..82cad1c 100644
--- a/src/TaxBaik.Web/Program.cs
+++ b/src/TaxBaik.Web/Program.cs
@@ -107,18 +107,8 @@ builder.Services.AddSession(options =>
 options.Cookie.IsEssential = true;
 options.Cookie.Name = "TaxBaik.SessionId";
 options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
- options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
 });
 builder.Services.AddDistributedMemoryCache();
-
-// Antiforgery 쿠키 설정 (Nginx 프록시 뒤 HTTPS 지원)
-builder.Services.AddAntiforgery(options =>
-{
- options.Cookie.HttpOnly = true;
- options.Cookie.IsEssential = true;
- options.Cookie.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.Lax;
- options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.SameAsRequest;
-});
 // TempData는 기본적으로 쿠키 저장소 사용 (위 세션 설정 상속)
 // JWT 인증
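Review bot: With `options.Cookie.SecurePolicy` deleted from the `AddSession` options, the `TaxBaik.SessionId` cookie falls back to the framework default, which for `SessionOptions` is `CookieSecurePolicy.None` as far as I know, so the cookie is issued without the Secure attribute even when the forwarded scheme is https. `UseForwardedHeaders` only corrects the request scheme; it affects the cookie only when the policy is `SameAsRequest` or `Always`, so I would keep the line, or tighten it to `options.Cookie.SecurePolicy = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always;` if the site is HTTPS-only. The deleted `AddAntiforgery` block was option configuration rather than a duplicate registration: without it the antiforgery cookie reverts to its defaults (SameSite Strict and no Secure policy, to my knowledge), so the Set-Cookie headers behind Nginx are worth checking before merging. The `AddSession` lambda starts above the hunk, so other cookie options set there are not visible here.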