Open Closed

The cookie '"XSRF-TOKEN"' has set 'SameSite=None' and must also set 'Secure'. #5968


User avatar
0
Tuncay.Kurt created

Hello, I have a problem about XSRF-TOKEN. When deployed my project on IIS, then open on the browser. I take this exception In backend log= The cookie '"XSRF-TOKEN"' has set 'SameSite=None' and must also set 'Secure'. I configured cors codes. Then I added SameSiteCookiesServiceCollectionExtensions extension class and configured it. But I still take this exception. Can you help me please


16 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello Tuncay.Kurt,

    please check this link https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n

    please have look to these similar tickets https://support.abp.io/QA/Questions/4357/How-to-allow-cross-domain-cookies-in-ABP-identity-server https://github.com/abpframework/abp/issues/7261 https://support.abp.io/QA/Questions/622/Antiforgery-cookies-http-and-react-native-problems

    please let me know if found helpful for you

    Thanks, Anjali

  • User Avatar
    0
    Tuncay.Kurt created

    Hello Anjali, I already did this https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n But still have exception

    Thanks

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello Anjali, I already did this https://community.abp.io/articles/patch-for-chrome-login-issue-identityserver4-samesite-cookie-problem-weypwp3n But still have exception

    Thanks

    Ok will check and get back to you asap. Could you please provide steps to reproduce the issue.

  • User Avatar
    0
    Tuncay.Kurt created

    If you can connect my computer I can show the project. Or what do you need for understand my problem. I can do it.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello Tuncay.Kurt,

    Can you try to add this code in *HttpApiHostModule

      var services = context.Services.AddAntiforgery();
    
      services.AddAntiforgery(options => 
      { 
          options.Cookie.SameSite = SameSiteMode.None; 
          options.Cookie.SecurePolicy= CookieSecurePolicy.Always; 
      });
    

    regards,

  • User Avatar
    0
    Tuncay.Kurt created

    Hello Anjali, I added codes that you give me. Then I deployed the project. When I want to open site from browser. I take new exception

    Regards

  • User Avatar
    0
    Tuncay.Kurt created

    My test server have not SSL but my prod server have SSL

    Here is backend log exception text. 10/13/2023 15:41:51 The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request. System.InvalidOperationException: The antiforgery system has the configuration value AntiforgeryOptions.Cookie.SecurePolicy = Always, but the current request is not an SSL request. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.CheckSSLConfig(HttpContext context) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.GetAndStoreTokens(HttpContext httpContext) at Volo.Abp.AspNetCore.Mvc.AntiForgery.AspNetCoreAbpAntiForgeryManager.GenerateToken() at Volo.Abp.AspNetCore.Mvc.AntiForgery.AspNetCoreAbpAntiForgeryManager.SetCookie() at Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync(ApplicationConfigurationRequestOptions options) at lambda_method3075(Closure, Object) at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask) at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello Tuncay.Kurt,

    can you please try once with this code

     options.Cookie.SecurePolicy= CookieSecurePolicy.SameAsRequest; 
    

    instead of options.Cookie.SecurePolicy= CookieSecurePolicy.Always;

  • User Avatar
    0
    Tuncay.Kurt created

    Hello Anjali, I did it and still same

    But in the log file the cookie '"xsrf-token"' has set 'samesite=none' and must also set 'secure'. does not write

  • User Avatar
    0
    IanW created

    Tunkcay, is this the standard ABP commercial template that you are trying to run? How did this problem start? Was it working before you changed something?

    I would first like to ask if a new solution has the same problem. After that we should try to compare the code differences.

  • User Avatar
    0
    Tuncay.Kurt created

    Hello IanW, The problem has existed since I first created the application. I can show you what I codded in the HttpApi.Host layer. If you want you can connect my computer

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    May I ask which UI are you using?

    Could you provide the full steps or share a project to reproduce the problem? I will try to help you. thanks for your time. my email is shiwei.liang@volosoft.com

  • User Avatar
    0
    Tuncay.Kurt created

    Hello, We are using Angular for UI. We sended our project with WeTransfer. Can you check your e-mail? Thank you

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I could not build the angular project.

    could you use the suite to create a new project to reproduce the problem? thx.

  • User Avatar
    0
    Tuncay.Kurt created

    Hello, Did you install libs (abp install-libs) in web project and node_modules in web project? I could build the project before send. I have already created this project with abp suite. Ok, I will create new poject with abp suite and then?

    Thank you

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Did you install libs (abp install-libs) in web project and node_modules in web project?

    Yes, I did.

    I have already created this project with abp suite. Ok, I will create new poject with abp suite and then?

    Will you get the same error if you deploy to local IIS? Please share it with me if it can be reproduced. thanks.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09