diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
index 800a7a8..a847d1c 100644
--- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
+++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
@@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices;
 using KonSoft.Shared.Localization.Localization;
 using Localization.Resources.AbpUi;
 using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using System;
+using System.Linq;
+using System.Net;
 using Volo.Abp;
 using Volo.Abp.Account;
 using Volo.Abp.Account.Localization;
 using Volo.Abp.Account.Web;
-using Volo.Abp.AspNetCore.Mvc.AntiForgery;
 using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@@ -24,6 +26,7 @@ using Volo.Abp.Localization;
 using Volo.Abp.Modularity;
 using Volo.Abp.OpenIddict;
 using Volo.Abp.Security.Claims;
+using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
 
 namespace KonSoft;
 
@@ -55,10 +58,14 @@ public class KonSoftAuthServerModule : AbpModule
         if (!hostingEnvironment.IsDevelopment())
         {
-            PreConfigure(options =>
+            PreConfigure(options =>
             {
-                options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
-                options.TokenCookie.SameSite = SameSiteMode.Lax;
+                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |
+                                           ForwardedHeaders.XForwardedProto |
+                                           ForwardedHeaders.XForwardedHost;
+
+                options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:127.0.0.1"), 104));
+                options.KnownProxies.Add(IPAddress.Parse("::ffff:127.0.0.1"));
             });
 
             PreConfigure(options =>
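Review bot: In the `@@ -55,10 +58,14 @@` hunk the forwarded-header settings (`ForwardedHeaders`, `KnownNetworks`, `KnownProxies`) are registered through `PreConfigure(options => ...)`, and an ABP pre-configure action only takes effect when a module later calls `ExecutePreConfiguredActions` for that options type; nothing in this diff does so for ForwardedHeadersOptions, so the parameterless `app.UseForwardedHeaders()` added in the pipeline hunk would likely run with the default `ForwardedHeaders.None` and ignore X-Forwarded-For/Proto/Host in production. Unless another module in the project executes those actions, this belongs in `context.Services.Configure<ForwardedHeadersOptions>(options => ...)`, which is the registration form the removed code in the next hunk used (the generic type arguments appear to have been stripped from this rendering, so the exact options type is inferred from the members being set). Trusting only the IPv4-mapped loopback proxy is a clear improvement over the removed `KnownNetworks.Clear()`/`KnownProxies.Clear()`, which accepted forwarded headers from any client, but it also means a reverse proxy on another host or container network is silently not trusted; document that expectation with a comment such as `// Only a reverse proxy on the same host is trusted; adjust KnownProxies/KnownNetworks if the proxy runs elsewhere`. The removed anti-forgery `TokenCookie` hardening (Secure/SameSite) gets no replacement anywhere in the diff. The enclosing ConfigureServices body continues outside the hunk.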
@@ -110,35 +117,23 @@ public class KonSoftAuthServerModule : AbpModule
             options.IsDynamicClaimsEnabled = true;
         });
 
-        // 配置转发头
-        context.Services.Configure(options =>
+        context.Services.AddCors(options =>
         {
-            options.ForwardedHeaders = ForwardedHeaders.All;
-            options.KnownNetworks.Clear();
-            options.KnownProxies.Clear();
-        });
-
-        // 配置Cookie策略
-        context.Services.Configure(options =>
-        {
-            options.CheckConsentNeeded = context => false;
-            options.MinimumSameSitePolicy = SameSiteMode.Lax;
-            options.Secure = CookieSecurePolicy.Always;
-        });
-
-        // 配置应用Cookie
-        context.Services.ConfigureApplicationCookie(options =>
-        {
-            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
-            options.Cookie.SameSite = SameSiteMode.Lax;
-            options.Cookie.HttpOnly = true;
-        });
-
-        // 配置外部认证Cookie
-        context.Services.ConfigureExternalCookie(options =>
-        {
-            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
-            options.Cookie.SameSite = SameSiteMode.Lax;
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]?
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray() ?? Array.Empty()
+                    )
+                    .WithAbpExposedHeaders()
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
         });
     }
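Review bot: The cookie hardening removed here — `CookiePolicyOptions.Secure = CookieSecurePolicy.Always`, the application cookie's `SecurePolicy`/`HttpOnly`, and the external cookie's `SecurePolicy` — has no replacement in the diff, so whether the auth cookies carry the Secure flag now depends entirely on the request scheme being https when they are issued; that currently holds only because the pipeline hunk overwrites `ctx.Request.Scheme` on every request, and it breaks as soon as that override is removed or forwarded headers are not applied. If the intent is to rely on forwarded headers instead of a fixed policy, keep at least `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` in `ConfigureApplicationCookie` for the non-development branch, and add a comment stating that the Secure flag is expected to come from X-Forwarded-Proto. The new default CORS policy combines `AllowCredentials()` with `SetIsOriginAllowedToAllowWildcardSubdomains()`, so every entry in `App:CorsOrigins` is effectively a credentialed trust boundary; a comment such as `// Credentialed CORS: only list origins that must call this server from a browser, wildcard subdomains are accepted` would make that visible to whoever edits the config. No `app.UseCors()` call is visible in the pipeline hunk of this diff, so the policy has no effect unless the middleware is registered elsewhere — confirm. The enclosing ConfigureServices body begins outside the hunk.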
@@ -147,21 +142,16 @@ public class KonSoftAuthServerModule : AbpModule
         var app = context.GetApplicationBuilder();
         var env = context.GetEnvironment();
 
-        if (env.IsDevelopment())
+        app.UseForwardedHeaders();
+        app.Use(async (ctx, next) =>
         {
-            app.UseDeveloperExceptionPage();
-        }
-
-        app.UseForwardedHeaders(new ForwardedHeadersOptions
-        {
-            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
+            ctx.Request.Scheme = "https";
+            await next();
         });
 
-        app.UseAbpRequestLocalization();
-        if (!env.IsDevelopment())
-        {
-            app.UseErrorPage();
-        }
+        app.UseDeveloperExceptionPage();
+        app.UseAbpRequestLocalization();
+        app.UseErrorPage();
 
         app.UseCorrelationId();
         app.UseStaticFiles();
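Review bot: `app.UseDeveloperExceptionPage()` is now registered unconditionally, so in production an unhandled exception in this auth server returns the stack trace, source excerpt, headers and query values to the caller; the removed guard should come back, e.g. `if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseErrorPage(); }`. The inline middleware that sets `ctx.Request.Scheme = "https"` on every request overwrites whatever `UseForwardedHeaders()` just derived from X-Forwarded-Proto and also applies in development over plain http, which affects generated redirect and callback URLs; if it was added because the forwarded-header options were not being applied, fixing that registration is the better route, and otherwise it should at least be limited to `!env.IsDevelopment()`. After this change `env` may no longer be read anywhere in the method (its remaining uses are outside the hunk, so this is unconfirmed). The enclosing OnApplicationInitialization body continues outside the hunk.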