Make sure the URL and template URL are the same.

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
@@ -33,7 +34,9 @@ namespace Volo.Abp.IdentityServer
                 var extractResult = FormattedStringValueExtracter.Extract(requestedUri, url, ignoreCase: true);
                 if (extractResult.IsMatch)
                 {
-                    return Task.FromResult(true);
+                    return Task.FromResult(extractResult.Matches
+                        .Aggregate(url, (current, nameValue) => current.Replace($"{{{nameValue.Name}}}", nameValue.Value))
+                        .Contains(requestedUri, StringComparison.OrdinalIgnoreCase));
                 }
 
                 if (url.Replace("{0}.", "").Contains(requestedUri, StringComparison.OrdinalIgnoreCase))

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpWildcardSubdomainCorsPolicyService.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using System.Threading.Tasks;
 using IdentityServer4.Configuration;
 using Microsoft.Extensions.Options;
@@ -32,7 +33,8 @@ namespace Volo.Abp.IdentityServer
                 var extractResult = FormattedStringValueExtracter.Extract(origin, url, ignoreCase: true);
                 if (extractResult.IsMatch)
                 {
-                    return true;
+                    return extractResult.Matches.Aggregate(url, (current, nameValue) => current.Replace($"{{{nameValue.Name}}}", nameValue.Value))
+                        .Contains(origin, StringComparison.OrdinalIgnoreCase);
                 }
 
                 if (url.Replace("{0}.", "").Contains(origin, StringComparison.OrdinalIgnoreCase))

modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs

@@ -54,6 +54,7 @@ namespace Volo.Abp.IdentityServer
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://t1.ng.abp.io/index.html.mydomain.com", _testClient)).ShouldBeFalse();
         }
 
         [Fact]
@@ -68,6 +69,7 @@ namespace Volo.Abp.IdentityServer
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://t1.ng.abp.io/index.html.mydomain.com", _testClient)).ShouldBeFalse();
         }
     }
 }

modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpWildcardSubdomainCorsPolicyService_Tests.cs

@@ -35,6 +35,8 @@ namespace Volo.Abp.IdentityServer
             (await _corsPolicyService.IsOriginAllowedAsync("https://abp.io")).ShouldBeTrue();
             (await _corsPolicyService.IsOriginAllowedAsync("https://t1.abp.io")).ShouldBeTrue();
             (await _corsPolicyService.IsOriginAllowedAsync("https://t1.ng.abp.io")).ShouldBeTrue();
+
+            (await _corsPolicyService.IsOriginAllowedAsync("https://t1.abp.io.mydomain.com")).ShouldBeFalse();
         }
     }
 }