add Authorization setting for next - subdomain

2025-06-11 15:32:40 +03:30
parent 031fb05f8c
commit 9ca041ac18
2 changed files with 33 additions and 3 deletions
--- a/ServiceHost/Program.cs
+++ b/ServiceHost/Program.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using _0_Framework.Application.Sms;
 using _0_Framework.Application;
@@ -71,9 +71,19 @@ builder.Services.Configure<FormOptions>(options =>
 builder.Services.Configure<CookiePolicyOptions>(options =>
 {
    options.CheckConsentNeeded = context => true;
-    options.MinimumSameSitePolicy = SameSiteMode.Strict;
+    //options.MinimumSameSitePolicy = SameSiteMode.Strict;
 });

+builder.Services.ConfigureApplicationCookie(options =>
+{
+    //options.Cookie.Name = "GozarAuth";
+    options.Cookie.HttpOnly = true;
+    options.Cookie.SameSite = SameSiteMode.None; // مهم ✅
+    options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // فقط روی HTTPS کار می‌کنه ✅
+    options.Cookie.Domain = ".dad-mehr.ir"; // دامنه مشترک بین پدر و ساب‌دامین‌ها ✅
+});
+
+
 builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o =>
    {
@@ -148,6 +158,25 @@ builder.Services.AddSignalR();

 #endregion

+builder.Services.AddCors(options =>
+{
+    options.AddPolicy("AllowSpecificOrigins", policy =>
+    {
+        policy.WithOrigins(
+                "http://localhost:3000",
+                "http://localhost:3001",
+                "https://gozareshgir.ir",
+                "https://dad-mehr.ir",
+                "https://admin.dad-mehr.ir",
+                "https://admin.gozareshgir.ir"
+            )
+            .AllowAnyHeader()
+            .AllowAnyMethod()
+            .AllowCredentials();
+    });
+});
+
+
 #region PWA

 //old
@@ -198,6 +227,7 @@ app.UseStaticFiles();
 app.UseCookiePolicy();

 app.UseRouting();
+app.UseCors("AllowSpecificOrigins");

 app.UseAuthorization();