🐛 fix cookie samesite when request schame is http

jxnkwlp · May 23, 2024 · 02d52f4 · 02d52f4
1 parent b753188
commit 02d52f4
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 20 deletions.
diff --git a/.github/stale.yml → .github/stale.yml.bak b/.github/stale.yml → .github/stale.yml.bak
diff --git a/.github/workflows/build-pack.yml b/.github/workflows/build-pack.yml
@@ -70,7 +70,7 @@ jobs:
       - name: Version check and generate
         run: |
           gitci release changes --output ./changeslog.md
-          gitci version next --format json --output ./version.json --build-ver "${{env.GITHUB_SHA_SHORT}}" 
+          gitci version next --format json --output ./version.json --build-ver "${{env.GITHUB_SHA_SHORT}}"
           ls ./
 
       - id: changes
@@ -120,12 +120,14 @@ jobs:
           # build
           cd ${{github.workspace}}/docker
           docker build -t "${{vars.DOCKER_IMAGE_NAME}}:${{env.GITCI_NEXT_VERSION_MAJOR}}.${{env.GITCI_NEXT_VERSION_MINOR}}.${{env.GITCI_NEXT_VERSION_PATCH}}" .
+          docker build -t "${{vars.DOCKER_IMAGE_NAME}}:${{env.GITCI_NEXT_VERSION_MAJOR}}.${{env.GITCI_NEXT_VERSION_MINOR}}.latest" .
 
       - name: Docker publish
         if: ${{ env.PUSH_DOCKER == 'true' }}
         run: |
           docker login -u ${{vars.DOCKER_USER_NAME}} -p ${{secrets.DOCKER_USER_AK}}
           docker push "${{vars.DOCKER_IMAGE_NAME}}:${{env.GITCI_NEXT_VERSION_MAJOR}}.${{env.GITCI_NEXT_VERSION_MINOR}}.${{env.GITCI_NEXT_VERSION_PATCH}}"
+          docker push "${{vars.DOCKER_IMAGE_NAME}}:${{env.GITCI_NEXT_VERSION_MAJOR}}.${{env.GITCI_NEXT_VERSION_MINOR}}.latest"
 
       - name: Push dotnet package
         #if: steps.changes.outputs.src == 'true'

diff --git a/app/src/Passingwind.WorkflowApp.Web/Properties/launchSettings.json b/app/src/Passingwind.WorkflowApp.Web/Properties/launchSettings.json
@@ -1,4 +1,4 @@
-{
+{
   "iisSettings": {
     "windowsAuthentication": false, 
     "anonymousAuthentication": true,
@@ -16,11 +16,11 @@
       }
     },
     "Project": {
-      "commandName": "Project", 
-      "applicationUrl": "https://localhost:44345",
+      "commandName": "Project",
+      "applicationUrl": "http://localhost:34345;https://localhost:44345",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
     }
   }
-}
+}
diff --git a/app/src/Passingwind.WorkflowApp.Web/WorkflowAppWebModule.cs b/app/src/Passingwind.WorkflowApp.Web/WorkflowAppWebModule.cs
@@ -156,7 +156,12 @@ public override void ConfigureServices(ServiceConfigurationContext context)
             return settings;
         };
 
-        Configure<AbpAntiForgeryOptions>(options => options.AutoValidate = true);
+        Configure<AbpAntiForgeryOptions>(options =>
+        {
+            options.AutoValidate = true;
+            options.TokenCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+            options.TokenCookie.SameSite = SameSiteMode.Lax;
+        });
 
         Configure<AbpClockOptions>(options => options.Kind = DateTimeKind.Utc);
 
@@ -471,17 +476,18 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
             app.UseDeveloperExceptionPage();
         }
 
+        app.UseForwardedHeaders();
+
         app.UseCors();
 
         app.UseResponseCompression();
 
-        // app.UseStatusCodePages();
-
-        app.UseForwardedHeaders();
         app.UseOwlRequestLocalization();
 
         app.UseCorrelationId();
 
+        app.UseCookiePolicy();
+
         app.UseHealthChecks("/health-check");
 
         app.UseStaticFiles();

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,16 +1,17 @@
 FROM mcr.microsoft.com/dotnet/aspnet:8.0
 
-EXPOSE 8080
 ENV TZ=Etc/UTC
+EXPOSE 8080
+ENV ASPNETCORE_HTTP_PORTS=8080
 
-# 
+#
 WORKDIR /app
 
 ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
 
 RUN DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get -y install tzdata
 
-# 
+#
 COPY app /app
 
 ENTRYPOINT ["dotnet", "Passingwind.WorkflowApp.Web.dll"]
diff --git a/docker/README.md b/docker/README.md
@@ -2,22 +2,22 @@
 
 ## Prerequisites
 
-- SqlServer 2012+
-- Redis (optional)
+-   SqlServer 2012+
+-   Redis (optional)
 
 ## Configurations
 
 See [appsettings.json](../app/src/Passingwind.WorkflowApp.Web/appsettings.json) file
 
 All config can be convert from environment variables
-> https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-7.0#naming-of-environment-variables
 
+> https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-7.0#naming-of-environment-variables
 
 ## Docker compose example
 
 [docker-compose.yml](./docker-compose.yml)
 
-``` shell
+```shell
 version: '3.8'
 
 services:
@@ -30,8 +30,8 @@ services:
       ACCEPT_EULA: Y
       MSSQL_SA_PASSWORD: <YourStrong!Passw0rd>
       MSSQL_PID: Express
-      
-  app: 
+
+  app:
     image: passingwind/abp-elsa-app
     restart: unless-stopped
     ports:
@@ -41,7 +41,7 @@ services:
       ConnectionStrings__Default: "Server=db;Database=workflowapp;User Id=sa;Password=<YourStrong!Passw0rd>;TrustServerCertificate=true;"
       Elsa__Server__BaseUrl: "http://localhost:8080"
     # volumes:
-    #   - ./appsettings.json:/app/appsettings.json 
+    #   - ./appsettings.json:/app/appsettings.json
     depends_on:
       - db
 ```
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -21,6 +21,6 @@ services:
       ConnectionStrings__Default: "Server=db;Database=workflowapp;User Id=sa;Password=<YourStrong!Passw0rd>;TrustServerCertificate=true;"
       Elsa__Server__BaseUrl: "http://localhost:8080"
     # volumes:
-    #   - ./appsettings.json:/app/appsettings.json 
+    #   - ./appsettings.json:/app/appsettings.json
     depends_on:
       - db