konsoft/KonSoft.Clean
7
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 更新ForwardedHeaders配置以支持CORS和IP网络

Browse Source
This commit is contained in:
张兆鑫
2025-10-25 23:45:18 +08:00
parent b8a25b3b52
commit efce7162c4
1 changed files with 32 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
View File

@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices;
using KonSoft.Shared.Localization.Localization;
using Localization.Resources.AbpUi;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System;
using System.Linq;
using System.Net;
using Volo.Abp;
using Volo.Abp.Account;
using Volo.Abp.Account.Localization;
using Volo.Abp.Account.Web;
using Volo.Abp.AspNetCore.Mvc.AntiForgery;
using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@ -24,6 +26,7 @@ using Volo.Abp.Localization;
using Volo.Abp.Modularity;
using Volo.Abp.OpenIddict;
using Volo.Abp.Security.Claims;
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
namespace KonSoft;
@ -53,14 +56,13 @@ public class KonSoftAuthServerModule : AbpModule
});
});
context.Services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
if (!hostingEnvironment.IsDevelopment())
{
PreConfigure<AbpAntiForgeryOptions>(options =>
{
options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
options.TokenCookie.SameSite = SameSiteMode.Lax;
});
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
{
options.AddDevelopmentEncryptionAndSigningCertificate = false;
@ -110,35 +112,23 @@ public class KonSoftAuthServerModule : AbpModule
options.IsDynamicClaimsEnabled = true;
});
// <20><><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>ͷ
context.Services.Configure<ForwardedHeadersOptions>(options =>
context.Services.AddCors(options =>
{
options.ForwardedHeaders = ForwardedHeaders.All;
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
});
// <20><><EFBFBD><EFBFBD>Cookie<69><65><EFBFBD><EFBFBD>
context.Services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.Lax;
options.Secure = CookieSecurePolicy.Always;
});
// <20><><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>Cookie
context.Services.ConfigureApplicationCookie(options =>
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.HttpOnly = true;
});
// <20><><EFBFBD><EFBFBD><EFBFBD>ⲿ<EFBFBD><E2B2BF>֤Cookie
context.Services.ConfigureExternalCookie(options =>
{
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.Cookie.SameSite = SameSiteMode.Lax;
options.AddDefaultPolicy(builder =>
{
builder
.WithOrigins(
configuration["App:CorsOrigins"]?
.Split(",", StringSplitOptions.RemoveEmptyEntries)
.Select(o => o.RemovePostFix("/"))
.ToArray() ?? Array.Empty<string>()
)
.WithAbpExposedHeaders()
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
}
@ -150,19 +140,17 @@ public class KonSoftAuthServerModule : AbpModule
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseForwardedHeaders();
}
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAbpRequestLocalization();
if (!env.IsDevelopment())
else
{
app.UseErrorPage();
app.UseForwardedHeaders();
app.UseHsts();
}
app.UseAbpRequestLocalization();
app.UseCorrelationId();
app.UseStaticFiles();
app.UseRouting();