diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
index 8368a45..33e8310 100644
--- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
+++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
@@ -5,12 +5,15 @@ using KonSoft.Shared.Hosting.Microservices;
 using KonSoft.Shared.Localization.Localization;
 using Localization.Resources.AbpUi;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Volo.Abp;
 using Volo.Abp.Account;
 using Volo.Abp.Account.Localization;
 using Volo.Abp.Account.Web;
+using Volo.Abp.AspNetCore.Mvc.AntiForgery;
 using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@@ -52,6 +55,12 @@ public class KonSoftAuthServerModule : AbpModule
 if (!hostingEnvironment.IsDevelopment())
 {
+ PreConfigure(options =>
+ {
+ options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.TokenCookie.SameSite = SameSiteMode.Lax;
+ });
+
 PreConfigure(options =>
 {
 options.AddDevelopmentEncryptionAndSigningCertificate = false;
@@ -100,6 +109,37 @@ public class KonSoftAuthServerModule : AbpModule
 {
 options.IsDynamicClaimsEnabled = true;
 });
+
+ // 配置转发头
+ context.Services.Configure(options =>
+ {
+ options.ForwardedHeaders = ForwardedHeaders.All;
+ options.KnownNetworks.Clear();
+ options.KnownProxies.Clear();
+ });
+
+ // 配置Cookie策略
+ context.Services.Configure(options =>
+ {
+ options.CheckConsentNeeded = context => false;
+ options.MinimumSameSitePolicy = SameSiteMode.Lax;
+ options.Secure = CookieSecurePolicy.Always;
+ });
+
+ // 配置应用Cookie
+ context.Services.ConfigureApplicationCookie(options =>
+ {
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ options.Cookie.HttpOnly = true;
+ });
+
+ // 配置外部认证Cookie
+ context.Services.ConfigureExternalCookie(options =>
+ {
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ });
 }
 public override void OnApplicationInitialization(ApplicationInitializationContext context)
@@ -112,6 +152,7 @@ public class KonSoftAuthServerModule : AbpModule
 app.UseDeveloperExceptionPage();
 }
+ app.UseForwardedHeaders();
 app.UseAbpRequestLocalization();
 if (!env.IsDevelopment())
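Review bot: The forwarded-headers block in the ConfigureServices hunk trusts X-Forwarded-* from any caller: `ForwardedHeaders.All` also honours X-Forwarded-Host, and clearing `KnownNetworks` and `KnownProxies` removes the check that the header arrived from a known proxy, so a client that can reach the server directly can set `RemoteIpAddress`, the scheme and the request host for everything downstream (audit logging, IP-based rules, and any absolute URL the auth server builds from the host), which the one-line `app.UseForwardedHeaders();` in the OnApplicationInitialization hunk then activates for every request. Unless the server is reachable only through the reverse proxy, restrict it to `options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;` and populate the proxy list from configuration (`options.KnownProxies.Add(System.Net.IPAddress.Parse(proxyAddressFromConfig));`) instead of clearing it; if X-Forwarded-Host is genuinely needed, pair it with `options.AllowedHosts`. Separately, the CookiePolicyOptions block only takes effect if the pipeline also calls `app.UseCookiePolicy()`, which this commit does not add and I cannot see elsewhere in the diff, and its lambda `context => false` shadows the enclosing `context` parameter while merely restating the default, so `httpContext => false` or dropping the line would be clearer. The `Configure(...)` and `PreConfigure(...)` calls appear without generic type arguments, which I take to be rendering loss (ForwardedHeadersOptions, CookiePolicyOptions, AbpAntiForgeryOptions) rather than the committed code.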