# 安全配置

<cite>
**本文档中引用的文件**  
- [appsettings.json](file://aspnet-core/services/LY.MicroService.Applications.Single/appsettings.json)
- [appsettings.json](file://aspnet-core/services/LY.MicroService.AuthServer/appsettings.json)
- [MicroServiceApplicationsSingleModule.Configure.cs](file://aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs)
- [BackendAdminHttpApiHostModule.Configure.cs](file://aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs)
- [SameSiteCookiesServiceCollectionExtensions.cs](file://aspnet-core/services/LY.MicroService.Applications.Single/Microsoft/Extensions/DependencyInjection/SameSiteCookiesServiceCollectionExtensions.cs)
- [Program.cs](file://aspnet-core/services/LY.MicroService.WorkflowManagement.Next.HttpApi.Host/Program.cs)
- [yarp.json](file://gateways/internal/LINGYUN.MicroService.Internal.ApiGateway/src/LINGYUN.MicroService.Internal.Gateway/yarp.json)
- [AbpAspNetCoreHttpOverridesModule.cs](file://aspnet-core/framework/common/LINGYUN.Abp.AspNetCore.HttpOverrides/LINGYUN/Abp/AspNetCore/HttpOverrides/AbpAspNetCoreHttpOverridesModule.cs)
</cite>

## 目录
1. [简介](#简介)
2. [CORS策略配置](#cors策略配置)
3. [HTTPS强制与SSL配置](#https强制与ssl配置)
4. [安全头设置](#安全头设置)
5. [反请求伪造（CSRF）保护](#反请求伪造csrf保护)
6. [Cookie安全配置](#cookie安全配置)
7. [网关层安全配置