feat(oauth): add a default cookie options

colinin · colinin · commit b04784c3b650 · 2025-09-05T19:21:32.000+08:00
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/Bilibili/BilibiliAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/Bilibili/BilibiliAuthHandlerOptionsProvider.cs
@@ -25,5 +25,6 @@ public async override Task SetOptionsAsync(BilibiliAuthenticationOptions options
         {
             options.ClientSecret = clientSecret;
         }
+        await base.SetOptionsAsync(options);
     }
 }
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/GitHub/GitHubAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/GitHub/GitHubAuthHandlerOptionsProvider.cs
@@ -25,5 +25,6 @@ public async override Task SetOptionsAsync(GitHubAuthenticationOptions options)
         {
             options.ClientSecret = clientSecret;
         }
+        await base.SetOptionsAsync(options);
     }
 }
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/OAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/OAuthHandlerOptionsProvider.cs
@@ -1,4 +1,5 @@
 ﻿using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
 using System.Threading.Tasks;
 using Volo.Abp.DependencyInjection;
 using Volo.Abp.Settings;
@@ -14,5 +15,12 @@ public OAuthHandlerOptionsProvider(ISettingProvider settingProvider)
         SettingProvider = settingProvider;
     }
 
-    public abstract Task SetOptionsAsync(TOptions options);
+    public virtual Task SetOptionsAsync(TOptions options)
+    {
+        options.CorrelationCookie.SameSite = SameSiteMode.Lax;
+        options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+        options.CorrelationCookie.HttpOnly = true;
+
+        return Task.CompletedTask;
+    }
 }
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/QQ/QQAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/QQ/QQAuthHandlerOptionsProvider.cs
@@ -25,5 +25,6 @@ public async override Task SetOptionsAsync(QQAuthenticationOptions options)
         {
             options.ClientSecret = clientSecret;
         }
+        await base.SetOptionsAsync(options);
     }
 }
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeChat/WeChatAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeChat/WeChatAuthHandlerOptionsProvider.cs
@@ -25,5 +25,6 @@ public async override Task SetOptionsAsync(WeixinAuthenticationOptions options)
         {
             options.ClientSecret = clientSecret;
         }
+        await base.SetOptionsAsync(options);
     }
 }
diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeCom/WeComAuthHandlerOptionsProvider.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Web.OAuth/ExternalProviders/WeCom/WeComAuthHandlerOptionsProvider.cs
@@ -30,5 +30,6 @@ public async override Task SetOptionsAsync(WorkWeixinAuthenticationOptions optio
         {
             options.AgentId = agentId;
         }
+        await base.SetOptionsAsync(options);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -25,5 +25,6 @@ public async override Task SetOptionsAsync(BilibiliAuthenticationOptions options`
`25`	`25`	`{`
`26`	`26`	`options.ClientSecret = clientSecret;`
`27`	`27`	`}`
	`28`	`+ await base.SetOptionsAsync(options);`
`28`	`29`	`}`
`29`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,5 +30,6 @@ public async override Task SetOptionsAsync(WorkWeixinAuthenticationOptions optio`
`30`	`30`	`{`
`31`	`31`	`options.AgentId = agentId;`
`32`	`32`	`}`
	`33`	`+ await base.SetOptionsAsync(options);`
`33`	`34`	`}`
`34`	`35`	`}`