在《ABP非SSL網站登錄問題的原因》中,我們分析了問題的原因,這裏給出解決辦法。
首先在ABP的.Web項目中增加如下擴展:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
namespace Microsoft.Extensions.DependencyInjection
{
public static class SameSiteCookiesServiceCollectionExtensions
{
public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services)
{
services.Configure<CookiePolicyOptions>(options =>
{
options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
options.OnAppendCookie = cookieContext =>
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
options.OnDeleteCookie = cookieContext =>
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions);
});
return services;
}
private static void CheckSameSite(HttpContext httpContext, CookieOptions options)
{
if (options.SameSite == SameSiteMode.None)
{
if (!httpContext.Request.IsHttps)
{
options.SameSite = SameSiteMode.Unspecified;
}
}
}
}
然後,在項目的WebModule.cs類ConfigureServices()中增加:
context.Services.AddSameSiteCookiePolicy();
最後,在OnApplicationInitialization()方法中增加 app.UseCookiePolicy();
比如:
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
var app = context.GetApplicationBuilder();
var env = context.GetEnvironment();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAbpRequestLocalization();
if (!env.IsDevelopment())
{
app.UseErrorPage();
}
//20210113
app.UseCookiePolicy();