From fb28bbdbe5f1aefdb73d598f3739e998e0c6ec71 Mon Sep 17 00:00:00 2001
From: xiangning <wen@192.168.1.35>
Date: Mon, 11 May 2026 02:44:54 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E5=89=8D=E7=AB=AF-?=
 =?UTF-8?q?=E5=90=8E=E7=AB=AF=E8=BF=9E=E6=8E=A5=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- CORS 添加 localhost:5666 端口
- Cookie 改为 Secure=false, SameSite=Lax 适配 localhost 开发环境
---
 src/RAG.Api/Endpoints/Auth/LoginEndpoint.cs        | 4 ++--
 src/RAG.Api/Endpoints/Auth/RefreshTokenEndpoint.cs | 4 ++--
 src/RAG.Api/RAGApiModule.cs                        | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/RAG.Api/Endpoints/Auth/LoginEndpoint.cs b/src/RAG.Api/Endpoints/Auth/LoginEndpoint.cs
index 8afa0c5..9dae81c 100644
--- a/src/RAG.Api/Endpoints/Auth/LoginEndpoint.cs
+++ b/src/RAG.Api/Endpoints/Auth/LoginEndpoint.cs
@@ -25,8 +25,8 @@ public class LoginEndpoint(IMediator mediator) : Endpoint<LoginRequest, TokenRes
         HttpContext.Response.Cookies.Append("jwt", result.RefreshToken, new CookieOptions
         {
             HttpOnly = true,
-            Secure = true,
-            SameSite = SameSiteMode.None,
+            Secure = false,
+            SameSite = SameSiteMode.Lax,
             Expires = DateTimeOffset.UtcNow.AddDays(7),
             Path = "/"
         });
diff --git a/src/RAG.Api/Endpoints/Auth/RefreshTokenEndpoint.cs b/src/RAG.Api/Endpoints/Auth/RefreshTokenEndpoint.cs
index 8934113..0dc48b1 100644
--- a/src/RAG.Api/Endpoints/Auth/RefreshTokenEndpoint.cs
+++ b/src/RAG.Api/Endpoints/Auth/RefreshTokenEndpoint.cs
@@ -31,8 +31,8 @@ public class RefreshTokenEndpoint(IMediator mediator) : EndpointWithoutRequest<s
         HttpContext.Response.Cookies.Append("jwt", result.RefreshToken, new CookieOptions
         {
             HttpOnly = true,
-            Secure = true,
-            SameSite = SameSiteMode.None,
+            Secure = false,
+            SameSite = SameSiteMode.Lax,
             Expires = DateTimeOffset.UtcNow.AddDays(7),
             Path = "/"
         });
diff --git a/src/RAG.Api/RAGApiModule.cs b/src/RAG.Api/RAGApiModule.cs
index f091d85..d923ced 100644
--- a/src/RAG.Api/RAGApiModule.cs
+++ b/src/RAG.Api/RAGApiModule.cs
@@ -45,7 +45,7 @@ public class RAGApiModule : AbpModule
         {
             options.AddDefaultPolicy(policy =>
             {
-                policy.WithOrigins("http://localhost:5173", "http://localhost:5174", "http://localhost:3000")
+                policy.WithOrigins("http://localhost:5173", "http://localhost:5174", "http://localhost:3000", "http://localhost:5666")
                     .AllowAnyHeader()
                     .AllowAnyMethod()
                     .AllowCredentials();