From 0b557567d2335c59c4fdb232a85cbaaab3f0958d Mon Sep 17 00:00:00 2001
From: chloe <chloestanton117@gmail.com>
Date: Thu, 19 Mar 2026 21:43:09 +0000
Subject: [PATCH] program update

---
 Seasoned.Backend/Program.cs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Seasoned.Backend/Program.cs b/Seasoned.Backend/Program.cs
index ed8a083..67e70ab 100644
--- a/Seasoned.Backend/Program.cs
+++ b/Seasoned.Backend/Program.cs
@@ -13,6 +13,9 @@ var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddScoped<IRecipeService, RecipeService>();
 
+builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
+    .AddCookie(IdentityConstants.ApplicationScheme);
+
 builder.Services.AddIdentityApiEndpoints<IdentityUser>( options => {
     options.Password.RequireDigit = false;
     options.Password.RequiredLength = 6;
@@ -28,7 +31,7 @@ builder.Services.ConfigureApplicationCookie(options =>
     options.Cookie.Name = "Seasoned.Session";
     options.Cookie.HttpOnly = true;
     options.Cookie.SameSite = SameSiteMode.None;
-    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
     options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
     options.Cookie.MaxAge = options.ExpireTimeSpan;
     options.SlidingExpiration = true; 
@@ -101,8 +104,8 @@ using (var scope = app.Services.CreateScope())
     }
 }
 
-app.UseDefaultFiles();
 app.UseForwardedHeaders();
+app.UseDefaultFiles();
 app.UseStaticFiles();
 app.UseCors("SeasonedOriginPolicy");
 app.UseAuthentication();