fix(cors): fix cors request not returned custom headers

4 years ago · e2ddb762b7
22 changed files with 276 additions and 32 deletions
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.BlobStoring.Tencent/FodyWeavers.xml
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.BlobStoring.Tencent/FodyWeavers.xml
@ -0,0 +1,3 @@
+<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
+  <ConfigureAwait ContinueOnCapturedContext="false" />
+</Weavers>
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.BlobStoring.Tencent/FodyWeavers.xsd
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.BlobStoring.Tencent/FodyWeavers.xsd
@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
+  <xs:element name="Weavers">
+    <xs:complexType>
+      <xs:all>
+        <xs:element name="ConfigureAwait" minOccurs="0" maxOccurs="1">
+          <xs:complexType>
+            <xs:attribute name="ContinueOnCapturedContext" type="xs:boolean" />
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="VerifyAssembly" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
+        <xs:annotation>
+          <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="GenerateXsd" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Sms.Tencent/FodyWeavers.xml
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Sms.Tencent/FodyWeavers.xml
@ -0,0 +1,3 @@
+<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
+  <ConfigureAwait ContinueOnCapturedContext="false" />
+</Weavers>
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/FodyWeavers.xml
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/FodyWeavers.xml
@ -0,0 +1,3 @@
+<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
+  <ConfigureAwait ContinueOnCapturedContext="false" />
+</Weavers>
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/FodyWeavers.xsd
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/FodyWeavers.xsd
@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
+  <xs:element name="Weavers">
+    <xs:complexType>
+      <xs:all>
+        <xs:element name="ConfigureAwait" minOccurs="0" maxOccurs="1">
+          <xs:complexType>
+            <xs:attribute name="ContinueOnCapturedContext" type="xs:boolean" />
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="VerifyAssembly" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
+        <xs:annotation>
+          <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="GenerateXsd" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/LINGYUN/Abp/Tencent/SettingManagement/TenantCloudSettingAppService.cs
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent.SettingManagement/LINGYUN/Abp/Tencent/SettingManagement/TenantCloudSettingAppService.cs
@ -18,18 +18,15 @@ public class TenantCloudSettingAppService : ApplicationService, ITenantCloudSett
    protected ISettingManager SettingManager { get; }
    protected IPermissionChecker PermissionChecker { get; }
    protected ISettingDefinitionManager SettingDefinitionManager { get; }
-    protected ITencentCloudClientFactory TencentCloudClientFactory { get; }

    public TenantCloudSettingAppService(
        ISettingManager settingManager,
        IPermissionChecker permissionChecker,
-        ISettingDefinitionManager settingDefinitionManager,
-        ITencentCloudClientFactory tencentCloudClientFactory)
+        ISettingDefinitionManager settingDefinitionManager)
    {
        SettingManager = settingManager;
        PermissionChecker = permissionChecker;
        SettingDefinitionManager = settingDefinitionManager;
-        TencentCloudClientFactory = tencentCloudClientFactory;

        LocalizationResource = typeof(TencentCloudResource);
    }
@ -76,6 +73,12 @@ public class TenantCloudSettingAppService : ApplicationService, ITenantCloudSett
                await SettingManager.GetOrNullAsync(TencentCloudSettingNames.SecretKey, providerName, providerKey),
                ValueType.String,
                providerName);
+            basicSetting.AddDetail(
+                SettingDefinitionManager.Get(TencentCloudSettingNames.DurationSecond),
+                StringLocalizerFactory,
+                await SettingManager.GetOrNullAsync(TencentCloudSettingNames.SecretKey, providerName, providerKey),
+                ValueType.Number,
+                providerName);

            #endregion

--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/AbpTencentCloudModule.cs
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/AbpTencentCloudModule.cs
@ -28,7 +28,7 @@ namespace LINGYUN.Abp.Tencent
                    .AddVirtualJson("/LINGYUN/Abp/Tencent/Localization/Resources");
            });

-            context.Services.AddTransient<TencentCloudClientFactory<>>();
+            context.Services.AddTransient(typeof(TencentCloudClientFactory<>));
            //Configure<AbpTencentCloudOptions>(options =>
            //{
            //    按照腾讯SDK, 所有客户端都有三个参数组成, 暂时设计为通过反射构造函数来创建客户端
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Localization/Resources/en.json
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Localization/Resources/en.json
@ -12,6 +12,8 @@
    "Description:SecretId": "The Secret Id can be obtained only from Tencent Cloud Management Console.",
    "DisplayName:SecretKey": "Secret Key",
    "Description:SecretKey": "The Secret Key can be obtained only from Tencent Cloud Management Console.",
+    "DisplayName:DurationSecond": "Duration Seconds",
+    "Description:DurationSecond": "Duration Seconds",
    "DisplayName:HttpMethod": "Http Method",
    "Description:HttpMethod": "The SDK uses the POST method by default, but if you must use the GET method, you can set it here. The GET method cannot handle some large requests.",
    "DisplayName:Timeout": "Timeout",
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Localization/Resources/zh-Hans.json
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Localization/Resources/zh-Hans.json
@ -12,6 +12,8 @@
    "Description:SecretId": "密钥Id，只能从腾讯云管理控制台获取。",
    "DisplayName:SecretKey": "密钥Key",
    "Description:SecretKey": "密钥Key，只能从腾讯云管理控制台获取。",
+    "DisplayName:DurationSecond": "持续时间",
+    "Description:DurationSecond": "会话持续时长,单位(秒)",
    "DisplayName:HttpMethod": "请求类型",
    "Description:HttpMethod": "SDK默认使用POST方法，如果你一定要使用GET方法，可以在这里设置。GET方法无法处理一些较大的请求。",
    "DisplayName:Timeout": "超时时间",
--- a/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Settings/TencentCloudSettingDefinitionProvider.cs
+++ b/aspnet-core/modules/cloud-tencent/LINGYUN.Abp.Tencent/LINYUN/Abp/Tencent/Settings/TencentCloudSettingDefinitionProvider.cs
@ -46,6 +46,17 @@ public class TencentCloudSettingDefinitionProvider : SettingDefinitionProvider
                    isVisibleToClients: false,
                    isEncrypted: true
                )
+                .WithProviders(
+                    DefaultValueSettingValueProvider.ProviderName,
+                    GlobalSettingValueProvider.ProviderName,
+                    TenantSettingValueProvider.ProviderName),
+                new SettingDefinition(
+                    TencentCloudSettingNames.DurationSecond,
+                    defaultValue: "600",
+                    displayName: L("DisplayName:DurationSecond"),
+                    description: L("Description:DurationSecond"),
+                    isVisibleToClients: false
+                )
                .WithProviders(
                    DefaultValueSettingValueProvider.ProviderName,
                    GlobalSettingValueProvider.ProviderName,
--- a/aspnet-core/modules/oss-management/LINGYUN.Abp.OssManagement.Tencent/FodyWeavers.xsd
+++ b/aspnet-core/modules/oss-management/LINGYUN.Abp.OssManagement.Tencent/FodyWeavers.xsd
@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+  <!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
+  <xs:element name="Weavers">
+    <xs:complexType>
+      <xs:all>
+        <xs:element name="ConfigureAwait" minOccurs="0" maxOccurs="1">
+          <xs:complexType>
+            <xs:attribute name="ContinueOnCapturedContext" type="xs:boolean" />
+          </xs:complexType>
+        </xs:element>
+      </xs:all>
+      <xs:attribute name="VerifyAssembly" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="VerifyIgnoreCodes" type="xs:string">
+        <xs:annotation>
+          <xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+      <xs:attribute name="GenerateXsd" type="xs:boolean">
+        <xs:annotation>
+          <xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
+        </xs:annotation>
+      </xs:attribute>
+    </xs:complexType>
+  </xs:element>
+</xs:schema>
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
@ -4,6 +4,7 @@ using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
 using Microsoft.Extensions.Configuration;
@ -11,6 +12,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using StackExchange.Redis;
 using System;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@ -31,6 +33,7 @@ namespace LY.MicroService.BackendAdmin;

 public partial class BackendAdminHttpApiHostModule
 {
+    protected const string DefaultCorsPolicyName = "Default";
    private void PreConfigureApp()
    {
        AbpSerilogEnrichersConsts.ApplicationName = "Backend-Admin";
@ -256,6 +259,30 @@ public partial class BackendAdminHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
@ -95,15 +95,16 @@ public partial class BackendAdminHttpApiHostModule : AbpModule
        var configuration = context.Services.GetConfiguration();

        ConfigureDbContext();
+        ConfigureLocalization();
        ConfigureJsonSerializer();
-        ConfigurePermissionManagement();
        ConfigureExceptionHandling();
-        ConfigureCaching(configuration);
        ConfigureVirtualFileSystem();
-        ConfigureMultiTenancy(configuration);
+        ConfigurePermissionManagement();
+        ConfigureCaching(configuration);
        ConfigureAuditing(configuration);
        ConfigureSwagger(context.Services);
-        ConfigureLocalization();
+        ConfigureMultiTenancy(configuration);
+        ConfigureCors(context.Services, configuration);
        ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
    }

@ -114,8 +115,10 @@ public partial class BackendAdminHttpApiHostModule : AbpModule
        app.UseCorrelationId();
        // 虚拟文件系统
        app.UseStaticFiles();
-        //路由
+        // 路由
        app.UseRouting();
+        // 跨域
+        app.UseCors(DefaultCorsPolicyName);
        // 认证
        app.UseAuthentication();
        // jwt
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
@ -4,6 +4,7 @@ using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
 using Microsoft.Extensions.Configuration;
@ -11,6 +12,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using StackExchange.Redis;
 using System;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@ -28,6 +30,8 @@ namespace LY.MicroService.LocalizationManagement;

 public partial class LocalizationManagementHttpApiHostModule
 {
+    protected const string DefaultCorsPolicyName = "Default";
+
    private void PreConfigureApp()
    {
        AbpSerilogEnrichersConsts.ApplicationName = "Localization";
@ -205,6 +209,30 @@ public partial class LocalizationManagementHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
@ -65,14 +65,15 @@ namespace LY.MicroService.LocalizationManagement
            var configuration = context.Services.GetConfiguration();

            ConfigureDbContext();
+            ConfigureLocalization();
            ConfigureJsonSerializer();
            ConfigreExceptionHandling();
-            ConfigureAuditing(configuration);
-            ConfigureCaching(configuration);
            ConfigureVirtualFileSystem();
-            ConfigureMultiTenancy(configuration);
-            ConfigureLocalization();
+            ConfigureCaching(configuration);
+            ConfigureAuditing(configuration);
            ConfigureSwagger(context.Services);
+            ConfigureMultiTenancy(configuration);
+            ConfigureCors(context.Services, configuration);
            ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
        }

@ -85,8 +86,10 @@ namespace LY.MicroService.LocalizationManagement
            app.UseCorrelationId();
            // 虚拟文件系统
            app.UseStaticFiles();
-            //路由
+            // 路由
            app.UseRouting();
+            // 跨域
+            app.UseCors(DefaultCorsPolicyName);
            // 认证
            app.UseAuthentication();
            // jwt
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
@ -4,6 +4,7 @@ using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@ -13,6 +14,7 @@ using Microsoft.OpenApi.Models;
 using StackExchange.Redis;
 using System;
 using System.IO;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using System.Threading.Tasks;
@ -32,6 +34,8 @@ namespace LY.MicroService.PlatformManagement;

 public partial class PlatformManagementHttpApiHostModule
 {
+    protected const string DefaultCorsPolicyName = "Default";
+
    private void PreConfigureApp()
    {
        AbpSerilogEnrichersConsts.ApplicationName = "Platform";
@ -251,6 +255,30 @@ public partial class PlatformManagementHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
@ -92,16 +92,17 @@ public partial class PlatformManagementHttpApiHostModule : AbpModule
        var configuration = context.Services.GetConfiguration();

        ConfigureDbContext();
-        ConfigureJsonSerializer();
-        ConfigureKestrelServer();
        ConfigureBlobStoring();
+        ConfigureLocalization();
+        ConfigureKestrelServer();
+        ConfigureJsonSerializer();
        ConfigreExceptionHandling();
-        ConfigureCaching(configuration);
        ConfigureVirtualFileSystem();
-        ConfigureMultiTenancy(configuration);
+        ConfigureCaching(configuration);
        ConfigureAuditing(configuration);
        ConfigureSwagger(context.Services);
-        ConfigureLocalization();
+        ConfigureMultiTenancy(configuration);
+        ConfigureCors(context.Services, configuration);
        ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
    }

@ -113,8 +114,10 @@ public partial class PlatformManagementHttpApiHostModule : AbpModule
        app.UseCorrelationId();
        // 虚拟文件系统
        app.UseStaticFiles();
-        //路由
+        // 路由
        app.UseRouting();
+        // 跨域
+        app.UseCors(DefaultCorsPolicyName);
        // 认证
        app.UseAuthentication();
        // jwt
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
@ -230,6 +230,8 @@ public partial class RealtimeMessageHttpApiHostModule
                            .ToArray()
                    )
                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
                    .SetIsOriginAllowedToAllowWildcardSubdomains()
                    .AllowAnyHeader()
                    .AllowAnyMethod()
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
@ -88,16 +88,16 @@ namespace LY.MicroService.RealtimeMessage
            var configuration = context.Services.GetConfiguration();

            ConfigureDbContext();
+            ConfigureLocalization();
            ConfigureJsonSerializer();
            ConfigreExceptionHandling();
            ConfigureVirtualFileSystem();
-            ConfigureMultiTenancy(configuration);
            ConfigureCaching(configuration);
-            ConfigureSwagger(context.Services);
-            ConfigureCors(context.Services, configuration);
-            ConfigureLocalization();
            ConfigureAuditing(configuration);
+            ConfigureSwagger(context.Services);
+            ConfigureMultiTenancy(configuration);
            ConfigureHangfireServer(context.Services);
+            ConfigureCors(context.Services, configuration);
            ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
        }

@ -108,7 +108,7 @@ namespace LY.MicroService.RealtimeMessage
            app.UseCorrelationId();
            // 虚拟文件系统
            app.UseStaticFiles();
-            //路由
+            // 路由
            app.UseRouting();
            // 跨域
            app.UseCors(DefaultCorsPolicyName);
--- a/aspnet-core/services/LY.MicroService.identityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.identityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
@ -4,6 +4,7 @@ using LINGYUN.Abp.ExceptionHandling.Emailing;
 using LINGYUN.Abp.Localization.CultureMap;
 using LINGYUN.Abp.Serilog.Enrichers.Application;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@ -12,6 +13,7 @@ using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
 using StackExchange.Redis;
 using System;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@ -32,6 +34,8 @@ namespace LY.MicroService.IdentityServer;

 public partial class IdentityServerHttpApiHostModule
 {
+    protected const string DefaultCorsPolicyName = "Default";
+
    private void PreConfigureApp()
    {
        AbpSerilogEnrichersConsts.ApplicationName = "Identity-Server-Admin";
@ -251,6 +255,30 @@ public partial class IdentityServerHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.identityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.identityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
@ -72,15 +72,16 @@ public partial class IdentityServerHttpApiHostModule : AbpModule
        var configuration = context.Services.GetConfiguration();

        ConfigureDbContext();
+        ConfigureLocalization();
        ConfigureJsonSerializer();
-        ConfigurePermissionManagement();
        ConfigreExceptionHandling();
-        ConfigureAuditing(configuration);
-        ConfigureCaching(configuration);
        ConfigureVirtualFileSystem();
-        ConfigureMultiTenancy(configuration);
+        ConfigurePermissionManagement();
+        ConfigureCaching(configuration);
+        ConfigureAuditing(configuration);
        ConfigureSwagger(context.Services);
-        ConfigureLocalization();
+        ConfigureMultiTenancy(configuration);
+        ConfigureCors(context.Services, configuration);
        ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
    }

@ -91,8 +92,10 @@ public partial class IdentityServerHttpApiHostModule : AbpModule
        app.UseCorrelationId();
        // 虚拟文件系统
        app.UseStaticFiles();
-        //路由
+        // 路由
        app.UseRouting();
+        // 跨域
+        app.UseCors(DefaultCorsPolicyName);
        // 认证
        app.UseAuthentication();
        app.UseAbpClaimsMap();
--- a/aspnet-core/services/LY.MicroService.identityServer/IdentityServerModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.identityServer/IdentityServerModule.Configure.cs
@ -246,6 +246,8 @@ public partial class IdentityServerModule
                            .ToArray()
                    )
                    .WithAbpExposedHeaders()
+                    // 引用 LINGYUN.Abp.AspNetCore.Mvc.Wrapper 包时可替换为 WithAbpWrapExposedHeaders
+                    .WithExposedHeaders("_AbpWrapResult", "_AbpDontWrapResult")
                    .SetIsOriginAllowedToAllowWildcardSubdomains()
                    .AllowAnyHeader()
                    .AllowAnyMethod()