fix: 更新ForwardedHeaders配置以支持CORS和IP网络
This commit is contained in:
@ -5,15 +5,17 @@ using KonSoft.Shared.Hosting.Microservices;
|
|||||||
using KonSoft.Shared.Localization.Localization;
|
using KonSoft.Shared.Localization.Localization;
|
||||||
using Localization.Resources.AbpUi;
|
using Localization.Resources.AbpUi;
|
||||||
using Microsoft.AspNetCore.Builder;
|
using Microsoft.AspNetCore.Builder;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Cors;
|
||||||
using Microsoft.AspNetCore.HttpOverrides;
|
using Microsoft.AspNetCore.HttpOverrides;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
using Microsoft.Extensions.Hosting;
|
using Microsoft.Extensions.Hosting;
|
||||||
|
using System;
|
||||||
|
using System.Linq;
|
||||||
|
using System.Net;
|
||||||
using Volo.Abp;
|
using Volo.Abp;
|
||||||
using Volo.Abp.Account;
|
using Volo.Abp.Account;
|
||||||
using Volo.Abp.Account.Localization;
|
using Volo.Abp.Account.Localization;
|
||||||
using Volo.Abp.Account.Web;
|
using Volo.Abp.Account.Web;
|
||||||
using Volo.Abp.AspNetCore.Mvc.AntiForgery;
|
|
||||||
using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
|
using Volo.Abp.AspNetCore.Mvc.UI.Bundling;
|
||||||
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
|
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic;
|
||||||
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
|
using Volo.Abp.AspNetCore.Mvc.UI.Theme.Basic.Bundling;
|
||||||
@ -24,6 +26,7 @@ using Volo.Abp.Localization;
|
|||||||
using Volo.Abp.Modularity;
|
using Volo.Abp.Modularity;
|
||||||
using Volo.Abp.OpenIddict;
|
using Volo.Abp.OpenIddict;
|
||||||
using Volo.Abp.Security.Claims;
|
using Volo.Abp.Security.Claims;
|
||||||
|
using IPNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;
|
||||||
|
|
||||||
namespace KonSoft;
|
namespace KonSoft;
|
||||||
|
|
||||||
@ -53,14 +56,13 @@ public class KonSoftAuthServerModule : AbpModule
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
context.Services.Configure<ForwardedHeadersOptions>(options =>
|
||||||
|
{
|
||||||
|
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
|
||||||
|
});
|
||||||
|
|
||||||
if (!hostingEnvironment.IsDevelopment())
|
if (!hostingEnvironment.IsDevelopment())
|
||||||
{
|
{
|
||||||
PreConfigure<AbpAntiForgeryOptions>(options =>
|
|
||||||
{
|
|
||||||
options.TokenCookie.SecurePolicy = CookieSecurePolicy.Always;
|
|
||||||
options.TokenCookie.SameSite = SameSiteMode.Lax;
|
|
||||||
});
|
|
||||||
|
|
||||||
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
|
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
|
||||||
{
|
{
|
||||||
options.AddDevelopmentEncryptionAndSigningCertificate = false;
|
options.AddDevelopmentEncryptionAndSigningCertificate = false;
|
||||||
@ -110,35 +112,23 @@ public class KonSoftAuthServerModule : AbpModule
|
|||||||
options.IsDynamicClaimsEnabled = true;
|
options.IsDynamicClaimsEnabled = true;
|
||||||
});
|
});
|
||||||
|
|
||||||
// <20><><EFBFBD><EFBFBD>ת<EFBFBD><D7AA>ͷ
|
context.Services.AddCors(options =>
|
||||||
context.Services.Configure<ForwardedHeadersOptions>(options =>
|
|
||||||
{
|
{
|
||||||
options.ForwardedHeaders = ForwardedHeaders.All;
|
options.AddDefaultPolicy(builder =>
|
||||||
options.KnownNetworks.Clear();
|
{
|
||||||
options.KnownProxies.Clear();
|
builder
|
||||||
});
|
.WithOrigins(
|
||||||
|
configuration["App:CorsOrigins"]?
|
||||||
// <20><><EFBFBD><EFBFBD>Cookie<69><65><EFBFBD><EFBFBD>
|
.Split(",", StringSplitOptions.RemoveEmptyEntries)
|
||||||
context.Services.Configure<CookiePolicyOptions>(options =>
|
.Select(o => o.RemovePostFix("/"))
|
||||||
{
|
.ToArray() ?? Array.Empty<string>()
|
||||||
options.CheckConsentNeeded = context => false;
|
)
|
||||||
options.MinimumSameSitePolicy = SameSiteMode.Lax;
|
.WithAbpExposedHeaders()
|
||||||
options.Secure = CookieSecurePolicy.Always;
|
.SetIsOriginAllowedToAllowWildcardSubdomains()
|
||||||
});
|
.AllowAnyHeader()
|
||||||
|
.AllowAnyMethod()
|
||||||
// <20><><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>Cookie
|
.AllowCredentials();
|
||||||
context.Services.ConfigureApplicationCookie(options =>
|
});
|
||||||
{
|
|
||||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
|
||||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
|
||||||
options.Cookie.HttpOnly = true;
|
|
||||||
});
|
|
||||||
|
|
||||||
// <20><><EFBFBD><EFBFBD><EFBFBD>ⲿ<EFBFBD><E2B2BF>֤Cookie
|
|
||||||
context.Services.ConfigureExternalCookie(options =>
|
|
||||||
{
|
|
||||||
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
|
||||||
options.Cookie.SameSite = SameSiteMode.Lax;
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -150,19 +140,17 @@ public class KonSoftAuthServerModule : AbpModule
|
|||||||
if (env.IsDevelopment())
|
if (env.IsDevelopment())
|
||||||
{
|
{
|
||||||
app.UseDeveloperExceptionPage();
|
app.UseDeveloperExceptionPage();
|
||||||
|
app.UseForwardedHeaders();
|
||||||
}
|
}
|
||||||
|
else
|
||||||
app.UseForwardedHeaders(new ForwardedHeadersOptions
|
|
||||||
{
|
|
||||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
|
||||||
});
|
|
||||||
app.UseAbpRequestLocalization();
|
|
||||||
|
|
||||||
if (!env.IsDevelopment())
|
|
||||||
{
|
{
|
||||||
app.UseErrorPage();
|
app.UseErrorPage();
|
||||||
|
app.UseForwardedHeaders();
|
||||||
|
app.UseHsts();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
app.UseAbpRequestLocalization();
|
||||||
|
|
||||||
app.UseCorrelationId();
|
app.UseCorrelationId();
|
||||||
app.UseStaticFiles();
|
app.UseStaticFiles();
|
||||||
app.UseRouting();
|
app.UseRouting();
|
||||||
|
|||||||
Reference in New Issue
Block a user