Add trusted forwarded-header config and tests

2026-02-07 00:51:36 +01:00
parent c672802469
commit 9c1eb63084
3 changed files with 103 additions and 1 deletions

3
IIS.md

@@ -13,6 +13,9 @@
- `ASPNETCORE_ENVIRONMENT=Production`
- `ADMIN_PASSWORD=<your-secret>`
- `BasePath=/picknplay` (only if the site is under a subfolder; omit for root)
- Configure trusted reverse proxies/networks for forwarded headers (do not trust all sources):
- `ForwardedHeaders__KnownProxies__0=10.0.0.10`
- `ForwardedHeaders__KnownNetworks__0=10.0.0.0/24`
- Optional: enable stdout logging in `web.config` during troubleshooting only; disable afterward.
- Data protection keys are persisted to `App_Data/keys`; ensure this folder is deployed and writable so auth cookies stay valid across app pool recycles.
- Frontend base path: set `<meta name="app-base" content="/picknplay">` in `wwwroot/index.html` for production so API calls include the subpath (keep blank for local/root).
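
Review bot: the added bullets under "Configure trusted reverse proxies/networks" give `10.0.0.10` and `10.0.0.0/24` without marking them as sample values, and they do not say what the app does when neither `ForwardedHeaders__KnownProxies__0` nor `ForwardedHeaders__KnownNetworks__0` is set. Suggest labelling both as examples to be replaced with the address or subnet of the actual reverse proxy, and adding one sentence on the behaviour when both lists are empty, so an operator who skips this step knows whether forwarded headers are then ignored or accepted. Since the step sits in the same list as `BasePath` and the auth-cookie note, it would also help to state which forwarded headers the app honours from a trusted source.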