From c5e9ab2e5a240b6362db56211baa970f9562b27f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E5=85=86=E9=91=AB?=
Date: Sat, 25 Oct 2025 22:24:18 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dauthserver=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E7=99=BB=E5=BD=95=E6=88=90=E5=8A=9F=E4=BD=86=E6=98=AF?= =?UTF-8?q?=E6=B2=A1=E6=9C=89=E4=BF=9D=E6=8C=81=E7=99=BB=E5=BD=95=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../KonSoftAuthServerModule.cs | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
index 8368a45..33e8310 100644
--- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
+++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
@@ -5,12 +5,15 @@ using KonSoft.Shared.Hosting.Microservices;
 using KonSoft.Shared.Localization.Localization;
 using Localization.Resources.AbpUi;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Volo.Abp;
 using Volo.Abp.Account;
 using Volo.Abp.Account.Localization;
 using Volo.Abp.Account.Web;
+using Volo.Abp.AspNetCore.Mvc.AntiForgery;
 using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@@ -52,6 +55,12 @@ public class KonSoftAuthServerModule : AbpModule

 if (!hostingEnvironment.IsDevelopment())
 {
+ PreConfigure(options =>
+ {
+ options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.TokenCookie.SameSite = SameSiteMode.Lax;
+ });
+
 PreConfigure(options =>
 {
 options.AddDevelopmentEncryptionAndSigningCertificate = false;
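Review bot: The generic argument of the added `PreConfigure(options => ...)` call is not visible on this page, so the options type is presumably `AbpAntiforgeryOptions` (going by the new `Volo.Abp.AspNetCore.Mvc.AntiForgery` import); pre-configure actions only run for option types whose owning module explicitly executes them, so please confirm these two `TokenCookie` assignments are actually applied at runtime rather than silently skipped. If they are not, `Configure<AbpAntiforgeryOptions>(options => { ... })` with the same two assignments is the form that goes through the normal options pipeline. The enclosing `if (!hostingEnvironment.IsDevelopment())` block continues outside the hunk.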
@@ -100,6 +109,37 @@ public class KonSoftAuthServerModule : AbpModule
 {
 options.IsDynamicClaimsEnabled = true;
 });
+
+ // 配置转发头
+ context.Services.Configure(options =>
+ {
+ options.ForwardedHeaders = ForwardedHeaders.All;
+ options.KnownNetworks.Clear();
+ options.KnownProxies.Clear();
+ });
+
+ // 配置Cookie策略
+ context.Services.Configure(options =>
+ {
+ options.CheckConsentNeeded = context => false;
+ options.MinimumSameSitePolicy = SameSiteMode.Lax;
+ options.Secure = CookieSecurePolicy.Always;
+ });
+
+ // 配置应用Cookie
+ context.Services.ConfigureApplicationCookie(options =>
+ {
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ options.Cookie.HttpOnly = true;
+ });
+
+ // 配置外部认证Cookie
+ context.Services.ConfigureExternalCookie(options =>
+ {
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ options.Cookie.SameSite = SameSiteMode.Lax;
+ });
 }

 public override void OnApplicationInitialization(ApplicationInitializationContext context)
@@ -112,6 +152,7 @@ public class KonSoftAuthServerModule : AbpModule
 app.UseDeveloperExceptionPage();
 }

+ app.UseForwardedHeaders();
 app.UseAbpRequestLocalization();

 if (!env.IsDevelopment())
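Review bot: Clearing `KnownNetworks` and `KnownProxies` while enabling `ForwardedHeaders.All` makes the server honour `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` from any sender, so the scheme, host and client IP that an auth server uses for cookies, redirects and audit logs stop being trustworthy whenever the service is reachable other than through the proxy. I would limit the flags to what the proxy sets, `options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;`, and replace the two `Clear()` calls with the ingress address read from configuration, e.g. `options.KnownProxies.Add(IPAddress.Parse(proxyAddressFromConfig));` (placeholder name). Unlike the antiforgery hunk, the three cookie blocks here are not visibly guarded by an environment check, so `CookieSecurePolicy.Always` would also apply to a plain-HTTP development run; the method starts outside the hunk, so this may already be handled. The lambda parameter in `options.CheckConsentNeeded = context => false;` shadows the method's own `context`; `_ => false` reads more clearly.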
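Review bot: Nothing in this hunk adds `app.UseCookiePolicy();`, and the cookie-policy block configured in ConfigureServices (`CheckConsentNeeded`, `MinimumSameSitePolicy`, `Secure`; presumably `CookiePolicyOptions`, the generic argument is not visible on the page) is only enforced by that middleware. Unless it is already registered in the part of `OnApplicationInitialization` that lies outside the hunk, those settings have no effect. Placing `app.UseForwardedHeaders();` before localization and the rest of the pipeline is right, and a one-line comment such as `// Must run early so scheme and remote IP are corrected before authentication and redirects` would keep it from being moved later.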