Hello, I have a problem about XSRF-TOKEN. When deployed my project on IIS, then open on the browser. I take this exception In backend log= The cookie '"XSRF-TOKEN"' has set 'SameSite=None' and must also set 'Secure'. I configured cors codes. Then I added SameSiteCookiesServiceCollectionExtensions extension class and configured it. But I still take this exception. Can you help me please
16 Answer(s)
-
0
Hello Tuncay.Kurt,
please check this link https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n
please have look to these similar tickets https://support.abp.io/QA/Questions/4357/How-to-allow-cross-domain-cookies-in-ABP-identity-server https://github.com/abpframework/abp/issues/7261 https://support.abp.io/QA/Questions/622/Antiforgery-cookies-http-and-react-native-problems
please let me know if found helpful for you
Thanks, Anjali
-
0
Hello Anjali, I already did this https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n But still have exception
Thanks
-
0
Hello Anjali, I already did this https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n But still have exception
Thanks
Ok will check and get back to you asap. Could you please provide steps to reproduce the issue.
-
0
If you can connect my computer I can show the project. Or what do you need for understand my problem. I can do it.
-
0
Hello Tuncay.Kurt,
Can you try to add this code in *HttpApiHostModule
var services = context.Services.AddAntiforgery(); services.AddAntiforgery(options => { options.Cookie.SameSite = SameSiteMode.None; options.Cookie.SecurePolicy= CookieSecurePolicy.Always; });
regards,
-
0
-
0
My test server have not SSL but my prod server have SSL
Here is backend log exception text. 10/13/2023 15:41:51 The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request. System.InvalidOperationException: The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.CheckSSLConfig(HttpContext context) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetAndStoreTokens(HttpContext httpContext) at Volo.Abp.AspNetCore.Mvc.AntiForgery.AspNetCoreAbpAntiForgeryManager.GenerateToken() at Volo.Abp.AspNetCore.Mvc.AntiForgery.AspNetCoreAbpAntiForgeryManager.SetCookie() at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync(ApplicationConfigurationRequestOptions options) at lambda_method3075(Closure, Object) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.
-
0
Hello Tuncay.Kurt,
can you please try once with this code
options.Cookie.SecurePolicy= CookieSecurePolicy.SameAsRequest;
instead of
options.Cookie.SecurePolicy= CookieSecurePolicy.Always;
-
0
-
0
Tunkcay, is this the standard ABP commercial template that you are trying to run? How did this problem start? Was it working before you changed something?
I would first like to ask if a new solution has the same problem. After that we should try to compare the code differences.
-
0
Hello IanW, The problem has existed since I first created the application. I can show you what I codded in the HttpApi.Host layer. If you want you can connect my computer
-
0
Hi,
May I ask which UI are you using?
Could you provide the full steps or share a project to reproduce the problem? I will try to help you. thanks for your time. my email is shiwei.liang@volosoft.com
-
0
Hello, We are using Angular for UI. We sended our project with WeTransfer. Can you check your e-mail? Thank you
-
0
-
0
Hello, Did you install libs (abp install-libs) in web project and node_modules in web project? I could build the project before send. I have already created this project with abp suite. Ok, I will create new poject with abp suite and then?
Thank you
-
0
Hi,
Did you install libs (abp install-libs) in web project and node_modules in web project?
Yes, I did.
I have already created this project with abp suite. Ok, I will create new poject with abp suite and then?
Will you get the same error if you deploy to local IIS? Please share it with me if it can be reproduced. thanks.