From 918cad04447f64304ff6cc9052096c23af54cc00 Mon Sep 17 00:00:00 2001
From: colin
Date: Wed, 9 Oct 2024 15:14:37 +0800
Subject: [PATCH] =?UTF-8?q?fix(cookie):=20=E4=BF=AE=E5=A4=8D=E7=AC=AC?= =?UTF-8?q?=E4=B8=89=E6=96=B9cookie=E8=AE=A4=E8=AF=81=E6=97=A0=E6=B3=95?= =?UTF-8?q?=E9=87=8D=E5=AE=9A=E5=90=91=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../AbpCookieAuthenticationHandler.cs | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs b/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs
index dda2758a7..08a17beff 100644
--- a/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs
+++ b/aspnet-core/services/LY.MicroService.Applications.Single/Authentication/AbpCookieAuthenticationHandler.cs
@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.Extensions.Options;
+using Microsoft.Net.Http.Headers;
 using System.Text.Encodings.Web;
 using Volo.Abp.Http;
 
@@ -22,15 +23,18 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
 ISystemClock clock) : base(options, logger, encoder, clock)
 {
 }
+
+ protected const string XRequestFromHeader = "X-Request-From";
+ protected const string DontRedirectRequestFromHeader = "vben";
 protected override Task InitializeEventsAsync()
 {
 var events = new CookieAuthenticationEvents
 {
 OnRedirectToLogin = ctx =>
 {
- if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+ if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
 {
- ctx.Response.Headers.Location = ctx.RedirectUri;
+ // ctx.Response.Headers.Location = ctx.RedirectUri;
 ctx.Response.StatusCode = 401;
 }
 else
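Review bot: The `X-Request-From` check added in `OnRedirectToLogin` is repeated verbatim in the three later handlers (`OnRedirectToAccessDenied`, `OnRedirectToLogout`, `OnRedirectToReturnUrl`), and nothing documents that the header is a client-supplied hint that only selects the response shape. I would pull it into one helper, `private static bool IsVbenRequest(HttpRequest request) => string.Equals(request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal);`, and put a comment on the constants such as `// Presumably sent by the vben front end; selects 401 instead of a redirect and must never be treated as a trust signal.` `DontRedirectRequestFromHeader` holds a header value rather than a header name, so something like `VbenRequestFromValue` would read better, and the commented-out `Location` assignments should be deleted rather than kept. The `using Microsoft.Net.Http.Headers;` added in the first hunk is not used by any line visible in this patch, and the handler bodies continue outside the hunks.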
@@ -41,10 +45,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
 },
 OnRedirectToAccessDenied = ctx =>
 {
- if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+ if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
 {
- ctx.Response.Headers.Location = ctx.RedirectUri;
- ctx.Response.StatusCode = 403;
+ // ctx.Response.Headers.Location = ctx.RedirectUri;
+ ctx.Response.StatusCode = 401;
 }
 else
 {
@@ -54,9 +58,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
 },
 OnRedirectToLogout = ctx =>
 {
- if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+ if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
 {
- ctx.Response.Headers.Location = ctx.RedirectUri;
+ // ctx.Response.Headers.Location = ctx.RedirectUri;
+ ctx.Response.StatusCode = 401;
 }
 else
 {
@@ -66,9 +71,10 @@ public class AbpCookieAuthenticationHandler : CookieAuthenticationHandler
 },
 OnRedirectToReturnUrl = ctx =>
 {
- if (ctx.Request.CanAccept(MimeTypes.Application.Json))
+ if (string.Equals(ctx.Request.Headers[XRequestFromHeader], DontRedirectRequestFromHeader, StringComparison.Ordinal))
 {
- ctx.Response.Headers.Location = ctx.RedirectUri;
+ // ctx.Response.Headers.Location = ctx.RedirectUri;
+ ctx.Response.StatusCode = 401;
 }
 else
 {
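Review bot: `OnRedirectToAccessDenied` now answers 401 where the removed line answered 403, so a signed-in caller who lacks permission becomes indistinguishable from an anonymous one. A client that reacts to 401 by discarding its session or sending the user back to login can loop on a page the user is simply not allowed to see, and any monitoring that keys on 403 to spot authorization failures loses that signal. Unless the vben client depends on 401 here (not visible in this diff), keep `ctx.Response.StatusCode = 403;` in this branch. The handler body continues outside the hunk.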
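Review bot: `OnRedirectToLogout` now sets `ctx.Response.StatusCode = 401;` for vben requests, and the following hunk does the same in `OnRedirectToReturnUrl`; the removed code in both places set only `Location` and left the status alone. Going by the event names, these callbacks run when a sign-out or return-URL redirect is being issued rather than when authentication failed, so a 401 reports a completed operation to the client as a rejection. I would drop the added status line in both handlers, or set a success code such as `ctx.Response.StatusCode = 204;` if the client needs an explicit signal. Both handler bodies end outside their hunks.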