genexuslabs · claudiamurialdo · Nov 20, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 21, 2025
diff --git a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
@@ -22,6 +22,7 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ApplicationModels;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
@@ -259,7 +260,10 @@ public void ConfigureServices(IServiceCollection services)
 			{
 				options.IdleTimeout = TimeSpan.FromMinutes(Preferences.SessionTimeout);
 				options.Cookie.HttpOnly = true;
-				options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+				if (Preferences.HttpProtocolSecure()) 
+					options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+				else
+					options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
 				options.Cookie.IsEssential = true;
 				string sessionCookieName = GxWebSession.GetSessionCookieName(VirtualPath);
 				if (!string.IsNullOrEmpty(sessionCookieName))
@@ -562,6 +566,10 @@ public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IHos
 					provider.Mappings[mapping.Key] = mapping.Value;
 				}
 			}
+			app.UseForwardedHeaders(new ForwardedHeadersOptions
+			{
+				ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor
+			});
 			if (GXUtil.CompressResponse())
 			{
 				app.UseResponseCompression();

diff --git a/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs b/dotnet/src/dotnetframework/GxClasses/Core/GXApplication.cs
@@ -3087,30 +3087,6 @@ public virtual string GetServerSchema()
 				return GXUri.UriSchemeHttp;
 			}
 		}
-		private bool FrontEndHttps()
-		{
-			if (CheckHeaderValue("Front-End-Https", "on") || CheckHeaderValue("X-Forwarded-Proto", "https"))
-			{
-				GXLogging.Debug(Logger, "Front-End-Https header activated");
-				return true;
-			}
-			else
-			{
-				return false;
-			}
-		}
-		private bool CheckHeaderValue(String headerName, String headerValue)
-		{
-			if (_HttpContext != null)
-			{
-				string httpsHeader = _HttpContext.Request.Headers[headerName];
-				if (!string.IsNullOrEmpty(httpsHeader) && httpsHeader.Equals(headerValue, StringComparison.OrdinalIgnoreCase))
-				{
-					return true;
-				}
-			}
-			return false;
-		}
 		public virtual string GetScriptPath()
 		{
 			try

diff --git a/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs b/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs
@@ -241,7 +241,7 @@ public void Init(HttpApplication app)
 
 		private void Session_Start(object sender, EventArgs e)
 		{
-			if (App.Request.GetIsSecureFrontEnd() || App.Request.GetIsSecureConnection() == 1)
+			if (App.Request.GetIsSecureFrontEnd() || App.Request.GetIsSecureConnection() == 1 || Preferences.HttpProtocolSecure())
 			{
 				HttpCookie sessionCookie = RetrieveResponseCookie(App.Response, cookieName);