fix

Seasoned.Backend/Program.cs

@@ -13,9 +13,6 @@ var builder = WebApplication.CreateBuilder(args);
 
 builder.Services.AddScoped<IRecipeService, RecipeService>();
 
-builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
-    .AddCookie(IdentityConstants.ApplicationScheme);
-
 builder.Services.AddIdentityApiEndpoints<IdentityUser>( options => {
     options.Password.RequireDigit = false;
     options.Password.RequiredLength = 6;
@@ -31,9 +28,8 @@ builder.Services.ConfigureApplicationCookie(options =>
     options.Cookie.Name = "Seasoned.Session";
     options.Cookie.HttpOnly = true;
     options.Cookie.SameSite = SameSiteMode.None;
-    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
     options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
-    options.Cookie.MaxAge = options.ExpireTimeSpan;
     options.SlidingExpiration = true; 
     options.Events.OnRedirectToLogin = context =>
     {
@@ -42,13 +38,6 @@ builder.Services.ConfigureApplicationCookie(options =>
     };
 });    
 
-builder.Services.Configure<ForwardedHeadersOptions>(options =>
-{
-    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
-    options.KnownNetworks.Clear();
-    options.KnownProxies.Clear();
-});
-
 builder.Services.AddAuthorization();
 
 builder.Services.AddControllers()
@@ -62,7 +51,7 @@ builder.Services.AddCors(options =>
 {
     options.AddPolicy("SeasonedOriginPolicy", policy =>
     {
-        policy.WithOrigins("https://seasoned.ddns.net", "https://www.seasoned.ddns.net")
+        policy.WithOrigins("https://seasoned.ddns.net")
               .AllowAnyMethod()
               .AllowAnyHeader()
               .AllowCredentials();
@@ -104,7 +93,6 @@ using (var scope = app.Services.CreateScope())
     }
 }
 
-app.UseForwardedHeaders();
 app.UseDefaultFiles();
 app.UseStaticFiles();
 app.UseCors("SeasonedOriginPolicy");