This pull request improves authentication and cookie handling, especially for scenarios where the frontend and backend are on different origins or behind a reverse proxy. The changes ensure that cookies are set and cleared correctly for cross-origin authentication and logout flows.
Authentication and Cookie Policy Improvements:
- Updated the cookie `SameSite` policy to use `None` in production (for cross-origin support) and `Lax` in development, ensuring authentication works when the frontend is hosted on a different origin.
- Enhanced the logout event to explicitly overwrite the authentication cookie with an expired one using the same attributes, guaranteeing proper cookie removal even when behind a proxy.
API Endpoint Adjustments:
- Added the `[AllowAnonymous]` attribute to the `Logout` endpoint in `AccountController`, allowing unauthenticated users to call the logout route (useful for cleaning up cookies after session expiration).
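
A sketch of the cookie policy and logout behaviour described above, as an added example that is not this pull request's code. It assumes ASP.NET Core 6 or later with implicit usings; the cookie name `app.auth` and the route `/account/logout` are hypothetical, and a minimal-API route stands in for the `Logout` action on `AccountController`.

```csharp
// Added example, not the PR's code. Cookie name and route are assumptions.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
bool isProd = builder.Environment.IsProduction();
// Cross-origin frontends need SameSite=None; Lax is enough for local development.
SameSiteMode sameSite = isProd ? SameSiteMode.None : SameSiteMode.Lax;

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.Cookie.Name = "app.auth"; // hypothetical name
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = sameSite;
        // Always emit Secure in production, even when a TLS-terminating proxy
        // forwards plain HTTP; browsers reject SameSite=None without Secure.
        options.Cookie.SecurePolicy = isProd
            ? CookieSecurePolicy.Always
            : CookieSecurePolicy.SameAsRequest;

        options.Events.OnSigningOut = context =>
        {
            // Overwrite the auth cookie with an already-expired one that
            // carries the same attributes as the cookie issued at login.
            context.Response.Cookies.Append(
                context.Options.Cookie.Name!, string.Empty,
                new CookieOptions
                {
                    Path = context.CookieOptions.Path,
                    Domain = context.CookieOptions.Domain,
                    HttpOnly = true,
                    Secure = isProd || context.Request.IsHttps,
                    SameSite = sameSite,
                    Expires = DateTimeOffset.UnixEpoch,
                });
            return Task.CompletedTask;
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Anonymous on purpose: a client whose session has expired can still clear its cookie.
app.MapPost("/account/logout", async (HttpContext http) =>
{
    await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.NoContent();
}).AllowAnonymous();

app.Run();
```

To check the result, inspect the `Set-Cookie` header on the logout response: the name, `Path` and `Domain` must match the cookie set at login, and in production it must carry both `Secure` and `SameSite=None`.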
Automated canary build