feat(oauth): add a default cookie options

7 months ago · b04784c3b6
6 changed files with 14 additions and 1 deletions
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/Bilibili/BilibiliAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/Bilibili/BilibiliAuthHandlerOptionsProvider.cs
@ -25,5 +25,6 @@ public class BilibiliAuthHandlerOptionsProvider : OAuthHandlerOptionsProvider<Bi
        {
            options.ClientSecret = clientSecret;
        }
+        await base.SetOptionsAsync(options);
    }
 }
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/GitHub/GitHubAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/GitHub/GitHubAuthHandlerOptionsProvider.cs
@ -25,5 +25,6 @@ public class GitHubAuthHandlerOptionsProvider : OAuthHandlerOptionsProvider<GitH
        {
            options.ClientSecret = clientSecret;
        }
+        await base.SetOptionsAsync(options);
    }
 }
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/OAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/OAuthHandlerOptionsProvider.cs
@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
 using System.Threading.Tasks;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Settings;
@ -14,5 +15,12 @@ public abstract class OAuthHandlerOptionsProvider<TOptions> : IOAuthHandlerOptio
        SettingProvider = settingProvider;
    }

-    public abstract Task SetOptionsAsync(TOptions options);
+    public virtual Task SetOptionsAsync(TOptions options)
+    {
+        options.CorrelationCookie.SameSite = SameSiteMode.Lax;
+        options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+        options.CorrelationCookie.HttpOnly = true;
+
+        return Task.CompletedTask;
+    }
 }
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/QQ/QQAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/QQ/QQAuthHandlerOptionsProvider.cs
@ -25,5 +25,6 @@ public class QQAuthHandlerOptionsProvider : OAuthHandlerOptionsProvider<QQAuthen
        {
            options.ClientSecret = clientSecret;
        }
+        await base.SetOptionsAsync(options);
    }
 }
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeChat/WeChatAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeChat/WeChatAuthHandlerOptionsProvider.cs
@ -25,5 +25,6 @@ public class WeChatAuthHandlerOptionsProvider : OAuthHandlerOptionsProvider<Weix
        {
            options.ClientSecret = clientSecret;
        }
+        await base.SetOptionsAsync(options);
    }
 }
--- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeCom/WeComAuthHandlerOptionsProvider.cs
+++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeCom/WeComAuthHandlerOptionsProvider.cs
@ -30,5 +30,6 @@ public class WeComAuthHandlerOptionsProvider : OAuthHandlerOptionsProvider<WorkW
        {
            options.AgentId = agentId;
        }
+        await base.SetOptionsAsync(options);
    }
 }