diff --git a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
index 800a7a8..b74e01a 100644
--- a/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
+++ b/applications/KonSoft.AuthServer/KonSoftAuthServerModule.cs
@@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices;
 using KonSoft.Shared.Localization.Localization;
 using Localization.Resources.AbpUi;
 using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using System;
+using System.Linq;
+using System.Net;
 using Volo.Abp;
 using Volo.Abp.Account;
 using Volo.Abp.Account.Localization;
 using Volo.Abp.Account.Web;
-using Volo.Abp.AspNetCore.Mvc.AntiForgery;
 using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
 using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
@@ -24,6 +26,7 @@ using Volo.Abp.Localization;
 using Volo.Abp.Modularity;
 using Volo.Abp.OpenIddict;
 using Volo.Abp.Security.Claims;
+using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
 
 namespace KonSoft;
 
@@ -53,14 +56,13 @@ public class KonSoftAuthServerModule : AbpModule
 });
 });
 
+ context.Services.Configure(options =>
+ {
+ options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+ });
+
 if (!hostingEnvironment.IsDevelopment())
 {
- PreConfigure(options =>
- {
- options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
- options.TokenCookie.SameSite = SameSiteMode.Lax;
- });
-
 PreConfigure(options =>
 {
 options.AddDevelopmentEncryptionAndSigningCertificate = false;
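Review bot: The new `Configure<ForwardedHeadersOptions>` block (the type argument appears stripped in this rendering) enables XForwardedFor and XForwardedProto but sets neither KnownProxies nor KnownNetworks, so only a loopback proxy is trusted by default and the headers from any other proxy are dropped; with the antiforgery `CookieSecurePolicy.Always` setting removed in the same hunk, a request that is then seen as plain http also gets a non-Secure antiforgery cookie. The `IPNetwork` alias and `System.Net` using added above suggest KnownNetworks is populated elsewhere in the file, outside these hunks; if so, a comment next to this block such as `// trusted proxies: KnownNetworks/KnownProxies are set in <location>; headers from other sources are ignored` would make the trust boundary visible, and if not, those two usings are unused. ConfigureServices starts and ends outside the hunk.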
@@ -110,35 +112,23 @@ public class KonSoftAuthServerModule : AbpModule
 options.IsDynamicClaimsEnabled = true;
 });
 
- // 配置转发头
- context.Services.Configure(options =>
+ context.Services.AddCors(options =>
 {
- options.ForwardedHeaders = ForwardedHeaders.All;
- options.KnownNetworks.Clear();
- options.KnownProxies.Clear();
- });
-
- // 配置Cookie策略
- context.Services.Configure(options =>
- {
- options.CheckConsentNeeded = context => false;
- options.MinimumSameSitePolicy = SameSiteMode.Lax;
- options.Secure = CookieSecurePolicy.Always;
- });
-
- // 配置应用Cookie
- context.Services.ConfigureApplicationCookie(options =>
- {
- options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
- options.Cookie.SameSite = SameSiteMode.Lax;
- options.Cookie.HttpOnly = true;
- });
-
- // 配置外部认证Cookie
- context.Services.ConfigureExternalCookie(options =>
- {
- options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
- options.Cookie.SameSite = SameSiteMode.Lax;
+ options.AddDefaultPolicy(builder =>
+ {
+ builder
+ .WithOrigins(
+ configuration["App:CorsOrigins"]?
+ .Split(",", StringSplitOptions.RemoveEmptyEntries)
+ .Select(o => o.RemovePostFix("/"))
+ .ToArray() ?? Array.Empty()
+ )
+ .WithAbpExposedHeaders()
+ .SetIsOriginAllowedToAllowWildcardSubdomains()
+ .AllowAnyHeader()
+ .AllowAnyMethod()
+ .AllowCredentials();
+ });
 });
 }
 
@@ -150,19 +140,17 @@ public class KonSoftAuthServerModule : AbpModule
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
+ app.UseForwardedHeaders();
 }
-
- app.UseForwardedHeaders(new ForwardedHeadersOptions
- {
- ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
- });
-
- app.UseAbpRequestLocalization();
-
- if (!env.IsDevelopment())
+ else
 {
 app.UseErrorPage();
+ app.UseForwardedHeaders();
+ app.UseHsts();
 }
 
+ app.UseAbpRequestLocalization();
+
 app.UseCorrelationId();
 app.UseStaticFiles();
 app.UseRouting();
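Review bot: The origin list in the new default CORS policy is split on commas but never trimmed, so a value such as `https://a.example, https://b.example` yields ` https://b.example`, which never matches a browser Origin header; `.Select(o => o.Trim().RemovePostFix("/"))` fixes that. Because the policy pairs `AllowCredentials()` with `SetIsOriginAllowedToAllowWildcardSubdomains()`, every entry of the form `https://*.example.com` grants credentialed cross-origin access to the auth server from any subdomain, which is worth a one-line comment above `AddDefaultPolicy` so the scope of `App:CorsOrigins` is understood by whoever edits the configuration; as far as I recall the builder also rejects a bare `*` entry at startup when credentials are allowed, so that combination would surface as a startup failure rather than a silent misconfiguration. The enclosing method starts outside the hunk.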
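Review bot: `app.UseForwardedHeaders()` is now called identically in both the development and non-development branches, so the call can be hoisted above the `if` and made unconditional, leaving only `UseDeveloperExceptionPage()` versus `UseErrorPage()` plus `UseHsts()` in the branches. Note that `UseHsts()` only emits the header when the request is seen as HTTPS, which here depends on the X-Forwarded-Proto value being accepted by the forwarded-headers middleware just before it; a comment such as `// HSTS relies on X-Forwarded-Proto from a trusted proxy being applied above` would record that ordering dependency. OnApplicationInitialization continues outside the hunk.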