From fedb011154e1c6f18b9e102ebf30a834b84427d3 Mon Sep 17 00:00:00 2001
From: Warren Chen
Date: Tue, 5 May 2026 14:55:12 +0900
Subject: [PATCH] Fix Google login callback routing and forwarded headers

---
 src/MemberCenter.Web/Controllers/AccountController.cs | 5 ++++-
 src/MemberCenter.Web/Program.cs | 9 +++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/MemberCenter.Web/Controllers/AccountController.cs b/src/MemberCenter.Web/Controllers/AccountController.cs
index c0b44a1..f841a65 100644
--- a/src/MemberCenter.Web/Controllers/AccountController.cs
+++ b/src/MemberCenter.Web/Controllers/AccountController.cs
@@ -87,7 +87,10 @@ public class AccountController : Controller
 [ValidateAntiForgeryToken]
 public IActionResult ExternalLogin(string provider, string? returnUrl = null)
 {
- var redirectUrl = Url.Action(nameof(ExternalLoginCallback), new { returnUrl });
+ var redirectUrl = Url.Action(
+ nameof(ExternalLoginCallback),
+ "Account",
+ new { area = string.Empty, returnUrl });
 var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
 return Challenge(properties, provider);
 }
diff --git a/src/MemberCenter.Web/Program.cs b/src/MemberCenter.Web/Program.cs
index 19f55e1..347014b 100644
--- a/src/MemberCenter.Web/Program.cs
+++ b/src/MemberCenter.Web/Program.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.RateLimiting;
 using MemberCenter.Application.Abstractions;
 using MemberCenter.Application.Constants;
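Review bot: `Url.Action` returns null when no route matches the requested action, controller and area, and the new `var redirectUrl = Url.Action(` call hands that result straight to `ConfigureExternalAuthenticationProperties`, so the very class of routing misconfiguration this patch targets would surface as a challenge with no RedirectUri — the Google round-trip completes but the user likely never reaches `ExternalLoginCallback` — rather than as a diagnosable error. Consider failing fast before the properties line: `if (redirectUrl is null) throw new InvalidOperationException("Could not generate the external login callback URL.");`. `returnUrl` is carried through the external round-trip as-is here; whether it is checked with `Url.IsLocalUrl` before the final redirect depends on `ExternalLoginCallback`, which is outside this hunk, so that is worth confirming rather than something I can point to as a defect.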
@@ -89,6 +90,13 @@ builder.Services.AddAuthorization(options =>
 options.AddPolicy("Superuser", policy => policy.RequireRole("superuser"));
 });
 
+builder.Services.Configure(options =>
+{
+ options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+ options.KnownNetworks.Clear();
+ options.KnownProxies.Clear();
+});
+
 builder.Services.AddRateLimiter(options =>
 {
 options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;
@@ -154,6 +162,7 @@ if (!app.Environment.IsDevelopment())
 app.UseHsts();
 }
 
+app.UseForwardedHeaders();
 app.UseRouting();
 app.UseRateLimiter();
 app.UseAuthentication();
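Review bot: `options.KnownNetworks.Clear();` and `options.KnownProxies.Clear();` make the middleware honour X-Forwarded-For and X-Forwarded-Proto from any peer, so if the app is reachable by any path other than the reverse proxy, a caller can supply its own `X-Forwarded-For` (which becomes `RemoteIpAddress`, and therefore any IP-keyed partition the `AddRateLimiter` block just below may use — its partition logic is not visible here) and `X-Forwarded-Proto: https` to make a plain-HTTP request look secure. Unless direct access is ruled out at the network level, register the proxy instead of clearing the lists, e.g. `options.KnownProxies.Add(IPAddress.Parse(builder.Configuration["ReverseProxy:Address"]!));` (the configuration key is a placeholder for wherever the project keeps it; needs `using System.Net;`), and leave `ForwardLimit` at its default of 1 unless there really is more than one hop. Separately, `builder.Services.Configure(options =>` shows no type argument in this rendering; the members used imply `Configure<ForwardedHeadersOptions>(...)`, so presumably the angle brackets were lost in extraction rather than in the source — worth a glance at the actual file.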
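Review bot: `app.UseForwardedHeaders();` is inserted after the `if (!app.Environment.IsDevelopment())` block that calls `app.UseHsts();`, so HSTS still sees the pre-forwarding scheme: behind a TLS-terminating proxy `Request.IsHttps` is false at that point and the HSTS middleware skips emitting its header, and if HTTPS redirection also lives in that block (the block starts outside the hunk) its decision is likewise made before X-Forwarded-Proto is applied. Move the call above the environment check so it runs before any middleware that inspects the scheme or the client address, i.e. `app.UseForwardedHeaders();` as the first line of the pipeline, with the rest of the hunk unchanged.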