Merge pull request #1253 from colinin/fix-cors-config

colinin · web-flow · commit 82e88606bcd5 · 2025-06-23T15:28:03.000+08:00
fix(cors): Fix the cors configuration error
diff --git a/aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs b/aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs
@@ -4,7 +4,6 @@ namespace LY.MicroService.Applications.Single;
 
 public partial class MicroServiceApplicationsSingleModule
 {
-    protected const string DefaultCorsPolicyName = "Default";
     public static string ApplicationName { get; set; } = "MicroService-Applications-Single";
     private readonly static OneTimeRunner OneTimeRunner = new();
 
@@ -895,7 +894,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
@@ -392,7 +392,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
@@ -178,7 +178,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         // 路由
         app.UseRouting();
         // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         // 认证
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
diff --git a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
@@ -55,7 +55,6 @@ namespace LY.MicroService.IdentityServer;
 public partial class IdentityServerHttpApiHostModule
 {
     public static string ApplicationName { get; set; }  = "IdentityService";
-    protected const string DefaultCorsPolicyName = "Default";
     private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
 
     private void PreConfigureFeature()
@@ -414,7 +413,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
@@ -133,7 +133,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         // 路由
         app.UseRouting();
         // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         // 认证
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
diff --git a/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.Configure.cs b/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.Configure.cs
@@ -381,7 +381,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.cs b/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.cs
@@ -78,8 +78,6 @@ namespace LY.MicroService.IdentityServer;
     )]
 public partial class IdentityServerModule : AbpModule
 {
-    private const string DefaultCorsPolicyName = "Default";
-
     public override void PreConfigureServices(ServiceConfigurationContext context)
     {
         var configuration = context.Services.GetConfiguration();
@@ -137,7 +135,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         app.UseCorrelationId();
         app.MapAbpStaticAssets();
         app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
         app.UseMultiTenancy();
diff --git a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
@@ -46,7 +46,6 @@ namespace LY.MicroService.LocalizationManagement;
 public partial class LocalizationManagementHttpApiHostModule
 {
     public static string ApplicationName { get; set; } = "LocalizationService";
-    protected const string DefaultCorsPolicyName = "Default";
     private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
 
     private void PreConfigureFeature()
@@ -299,7 +298,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
@@ -115,7 +115,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         // 路由
         app.UseRouting();
         // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         // 认证
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
diff --git a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
@@ -57,7 +57,6 @@ namespace LY.MicroService.PlatformManagement;
 public partial class PlatformManagementHttpApiHostModule
 {
     public static string ApplicationName { get; set; } = "PlatformService";
-    protected const string DefaultCorsPolicyName = "Default";
     private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
 
     private void PreConfigureFeature()
@@ -376,7 +375,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
@@ -177,7 +177,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         // 路由
         app.UseRouting();
         // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         // 认证
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
diff --git a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
@@ -370,7 +370,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
@@ -128,8 +128,6 @@ namespace LY.MicroService.RealtimeMessage;
     )]
 public partial class RealtimeMessageHttpApiHostModule : AbpModule
 {
-    private const string DefaultCorsPolicyName = "Default";
-
     public override void PreConfigureServices(ServiceConfigurationContext context)
     {
         var configuration = context.Services.GetConfiguration();
@@ -183,7 +181,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         // 路由
         app.UseRouting();
         // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         // 认证
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
diff --git a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
@@ -48,7 +48,6 @@ namespace LY.MicroService.TaskManagement;
 
 public partial class TaskManagementHttpApiHostModule
 {
-    protected const string DefaultCorsPolicyName = "Default";
     public static string ApplicationName { get; set; } = "TaskService";
     private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
 
@@ -201,7 +200,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs
@@ -136,7 +136,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         app.MapAbpStaticAssets();
         app.UseCorrelationId();
         app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();
         app.UseMultiTenancy();
diff --git a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
@@ -14,6 +14,7 @@
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@@ -27,6 +28,7 @@
 using StackExchange.Redis;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@@ -402,6 +404,29 @@ private void ConfigureLocalization()
         });
     }
 
+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    .WithAbpWrapExposedHeaders()
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
     private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
     {
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
diff --git a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs
@@ -125,6 +125,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
         ConfigureWebhooks(context.Services);
         ConfigureJsonSerializer(configuration);
         ConfigureMvc(context.Services, configuration);
+        ConfigureCors(context.Services, configuration);
         ConfigureDistributedLock(context.Services, configuration);
         ConfigureBackgroundTasks(context.Services, configuration);
         ConfigureSeedWorker(context.Services, hostingEnvironment.IsDevelopment());
diff --git a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
@@ -10,6 +10,7 @@
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@@ -21,6 +22,7 @@
 using StackExchange.Redis;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@@ -352,6 +354,29 @@ private void ConfigureLocalization()
         });
     }
 
+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    .WithAbpWrapExposedHeaders()
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
     private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
     {
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
diff --git a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs
@@ -108,6 +108,7 @@ public override void ConfigureServices(ServiceConfigurationContext context)
         ConfigureSwagger(context.Services);
         ConfigureJsonSerializer(configuration);
         ConfigureMvc(context.Services, configuration);
+        ConfigureCors(context.Services, configuration);
         ConfigureDistributedLock(context.Services, configuration);
         ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
     }
diff --git a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
@@ -54,7 +54,6 @@ namespace LY.MicroService.WorkflowManagement;
 public partial class WorkflowManagementHttpApiHostModule
 {
     public static string ApplicationName { get; set; } = "WorkflowService";
-    private const string DefaultCorsPolicyName = "Default";
     private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();
 
     private void PreConfigureFeature()
@@ -488,7 +487,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura
     {
         services.AddCors(options =>
         {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
             {
                 builder
                     .WithOrigins(
diff --git a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs
@@ -145,7 +145,7 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
         app.UseCorrelationId();
         app.MapAbpStaticAssets();
         app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
         app.UseElsaFeatures();
         app.UseAuthentication();
         app.UseJwtTokenMiddleware();

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ namespace LY.MicroService.Applications.Single;`
`4`	`4`
`5`	`5`	`public partial class MicroServiceApplicationsSingleModule`
`6`	`6`	`{`
`7`		`- protected const string DefaultCorsPolicyName = "Default";`
`8`	`7`	`public static string ApplicationName { get; set; } = "MicroService-Applications-Single";`
`9`	`8`	`private readonly static OneTimeRunner OneTimeRunner = new();`
`10`	`9`
`@@ -895,7 +894,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`895`	`894`	`{`
`896`	`895`	`services.AddCors(options =>`
`897`	`896`	`{`
`898`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`897`	`+ options.AddDefaultPolicy(builder =>`
`899`	`898`	`{`
`900`	`899`	`builder`
`901`	`900`	`.WithOrigins(`
Original file line number	Diff line number	Diff line change
`@@ -392,7 +392,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`392`	`392`	`{`
`393`	`393`	`services.AddCors(options =>`
`394`	`394`	`{`
`395`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`395`	`+ options.AddDefaultPolicy(builder =>`
`396`	`396`	`{`
`397`	`397`	`builder`
`398`	`398`	`.WithOrigins(`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,6 @@ namespace LY.MicroService.IdentityServer;`
`55`	`55`	`public partial class IdentityServerHttpApiHostModule`
`56`	`56`	`{`
`57`	`57`	`public static string ApplicationName { get; set; } = "IdentityService";`
`58`		`- protected const string DefaultCorsPolicyName = "Default";`
`59`	`58`	`private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();`
`60`	`59`
`61`	`60`	`private void PreConfigureFeature()`
`@@ -414,7 +413,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`414`	`413`	`{`
`415`	`414`	`services.AddCors(options =>`
`416`	`415`	`{`
`417`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`416`	`+ options.AddDefaultPolicy(builder =>`
`418`	`417`	`{`
`419`	`418`	`builder`
`420`	`419`	`.WithOrigins(`
Original file line number	Diff line number	Diff line change
`@@ -381,7 +381,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`381`	`381`	`{`
`382`	`382`	`services.AddCors(options =>`
`383`	`383`	`{`
`384`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`384`	`+ options.AddDefaultPolicy(builder =>`
`385`	`385`	`{`
`386`	`386`	`builder`
`387`	`387`	`.WithOrigins(`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,6 @@ namespace LY.MicroService.LocalizationManagement;`
`46`	`46`	`public partial class LocalizationManagementHttpApiHostModule`
`47`	`47`	`{`
`48`	`48`	`public static string ApplicationName { get; set; } = "LocalizationService";`
`49`		`- protected const string DefaultCorsPolicyName = "Default";`
`50`	`49`	`private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();`
`51`	`50`
`52`	`51`	`private void PreConfigureFeature()`
`@@ -299,7 +298,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`299`	`298`	`{`
`300`	`299`	`services.AddCors(options =>`
`301`	`300`	`{`
`302`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`301`	`+ options.AddDefaultPolicy(builder =>`
`303`	`302`	`{`
`304`	`303`	`builder`
`305`	`304`	`.WithOrigins(`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,6 @@ namespace LY.MicroService.PlatformManagement;`
`57`	`57`	`public partial class PlatformManagementHttpApiHostModule`
`58`	`58`	`{`
`59`	`59`	`public static string ApplicationName { get; set; } = "PlatformService";`
`60`		`- protected const string DefaultCorsPolicyName = "Default";`
`61`	`60`	`private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();`
`62`	`61`
`63`	`62`	`private void PreConfigureFeature()`
`@@ -376,7 +375,7 @@ private void ConfigureCors(IServiceCollection services, IConfiguration configura`
`376`	`375`	`{`
`377`	`376`	`services.AddCors(options =>`
`378`	`377`	`{`
`379`		`- options.AddPolicy(DefaultCorsPolicyName, builder =>`
	`378`	`+ options.AddDefaultPolicy(builder =>`
`380`	`379`	`{`
`381`	`380`	`builder`
`382`	`381`	`.WithOrigins(`