.net core从版本 3.0 迁移到 3.1引发的BUG
前几天微软的.net core3.1发布后,随把visual studio 2019升级到16.4.1版本并把项目进行框架升级。升级后的项目在IdentityServer4授权后在360安全浏览器竟然无法跳回,测试了demo给的EntityFramework项目,亦是如此,记录日志如下:
解决方案如下:
在 Startup.cs 中,添加以下代码 :
private void CheckSameSite(HttpContext httpContext, CookieOptions options) { if (options.SameSite == SameSiteMode.None) { var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); // TODO: Use your User Agent library of choice here. if (/* UserAgent doesn't support new behavior */) { options.SameSite = SameSiteMode.Unspecified; } } } public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { options.MinimumSameSitePolicy = SameSiteMode.Unspecified; options.OnAppendCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); options.OnDeleteCookie = cookieContext => CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); }); } public void Configure(IApplicationBuilder app) { // Before UseAuthentication or anything else that writes cookies. app.UseCookiePolicy(); app.UseAuthentication(); // code omitted for brevity }
“选择退出”开关
通过 Microsoft.AspNetCore.SuppressSameSiteNone 兼容性开关,可暂时选择退出新的 ASP.NET Core Cookie 行为。 将以下 JSON 添加到项目的 runtimeconfig.template.json 文件中 :
{ "configProperties": { "Microsoft.AspNetCore.SuppressSameSiteNone": "true" } }
相关文档:https://docs.microsoft.com/zh-cn/dotnet/core/compatibility/3.0-3.1#support-older-browsers
