konsoft/KonSoft.Clean
7
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 更新ForwardedHeaders配置以支持CORS和IP网络

Browse Source
This commit is contained in:
张兆鑫
2025-10-25 23:45:18 +08:00
parent b8a25b3b52
commit ab1ffad658
1 changed files with 35 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
View File

@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices;
using KonSoft.Shared.Localization.Localization; using KonSoft.Shared.Localization.Localization;
using Localization.Resources.AbpUi; using Localization.Resources.AbpUi;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Hosting;
using System;
using System.Linq;
using System.Net;
using Volo.Abp; using Volo.Abp;
using Volo.Abp.Account; using Volo.Abp.Account;
using Volo.Abp.Account.Localization; using Volo.Abp.Account.Localization;
using Volo.Abp.Account.Web; using Volo.Abp.Account.Web;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;
using Volo.Abp.AspNetCore.Mvc.UI.Bundling; using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic; using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling; using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@ -24,6 +26,7 @@ using Volo.Abp.Localization;
using Volo.Abp.Modularity; using Volo.Abp.Modularity;
using Volo.Abp.OpenIddict; using Volo.Abp.OpenIddict;
using Volo.Abp.Security.Claims; using Volo.Abp.Security.Claims;
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
namespace KonSoft; namespace KonSoft;
@ -55,10 +58,14 @@ public class KonSoftAuthServerModule : AbpModule
if (!hostingEnvironment.IsDevelopment()) if (!hostingEnvironment.IsDevelopment())
{ {
PreConfigure<AbpAntiForgeryOptions>(options => PreConfigure<ForwardedHeadersOptions>(options =>
{ {
options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always; options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |
options.TokenCookie.SameSite = SameSiteMode.Lax; ForwardedHeaders.XForwardedProto |
ForwardedHeaders.XForwardedHost;
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:127.0.0.1"), 104));
options.KnownProxies.Add(IPAddress.Parse("::ffff:127.0.0.1"));
}); });
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options => PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
@ -110,35 +117,23 @@ public class KonSoftAuthServerModule : AbpModule
options.IsDynamicClaimsEnabled = true; options.IsDynamicClaimsEnabled = true;
}); });
// <20><><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>ͷ context.Services.AddCors(options =>
context.Services.Configure<ForwardedHeadersOptions>(options =>
{ {
options.ForwardedHeaders = ForwardedHeaders.All; options.AddDefaultPolicy(builder =>
options.KnownNetworks.Clear(); {
options.KnownProxies.Clear(); builder
}); .WithOrigins(
configuration["App:CorsOrigins"]?
// <20><><EFBFBD><EFBFBD>Cookie<69><65><EFBFBD><EFBFBD> .Split(",", StringSplitOptions.RemoveEmptyEntries)
context.Services.Configure<CookiePolicyOptions>(options => .Select(o => o.RemovePostFix("/"))
{ .ToArray() ?? Array.Empty<string>()
options.CheckConsentNeeded = context => false; )
options.MinimumSameSitePolicy = SameSiteMode.Lax; .WithAbpExposedHeaders()
options.Secure = CookieSecurePolicy.Always; .SetIsOriginAllowedToAllowWildcardSubdomains()
}); .AllowAnyHeader()
.AllowAnyMethod()
// <20><><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>Cookie .AllowCredentials();
context.Services.ConfigureApplicationCookie(options => });
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.HttpOnly = true;
});
// <20><><EFBFBD><EFBFBD><EFBFBD>ⲿ<EFBFBD><E2B2BF>֤Cookie
context.Services.ConfigureExternalCookie(options =>
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Lax;
}); });
} }
@ -147,21 +142,16 @@ public class KonSoftAuthServerModule : AbpModule
var app = context.GetApplicationBuilder(); var app = context.GetApplicationBuilder();
var env = context.GetEnvironment(); var env = context.GetEnvironment();
if (env.IsDevelopment()) app.UseForwardedHeaders();
app.Use(async (ctx, next) =>
{ {
app.UseDeveloperExceptionPage(); ctx.Request.Scheme = "https";
} await next();
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
}); });
app.UseAbpRequestLocalization();
if (!env.IsDevelopment()) app.UseDeveloperExceptionPage();
{ app.UseAbpRequestLocalization();
app.UseErrorPage(); app.UseErrorPage();
}
app.UseCorrelationId(); app.UseCorrelationId();
app.UseStaticFiles(); app.UseStaticFiles();