public static void ConfigureSignalR(this IAppBuilder app)
{
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context =>
{
var policy = new CorsPolicy();
policy.Origins.Add(Constants.Urls.WebUrl);
policy.AllowAnyMethod = true;
policy.AllowAnyHeader = true;
policy.SupportsCredentials = true;
return(Task.FromResult(policy));
}
}
};
app.Map(Constants.Routes.SignalR, map =>
{
//map.UseCors(CorsOptions.AllowAll);
map.UseCors(corsOptions);
map.RunSignalR(new HubConfiguration()
{
EnableDetailedErrors = true
});
});
GlobalHost.DependencyResolver.Register(typeof(JsonSerializer), () => JsonSerializerFactory.Value);
}
public OwinHttpServer AddCors(IAppBuilder builder, IList <string> allowedCorsOrigins)
{
if (allowedCorsOrigins != null)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
foreach (var origin in allowedCorsOrigins)
{
corsPolicy.Origins.Add(origin);
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
builder.UseCors(corsOptions);
}
return(this);
}
/// <summary>
/// Initializes and configures <see cref="CorsOptions"/> instance.
/// </summary>
/// <param name="origins">String of allowed origins delimited by: ';'</param>
public static void ConfigureCors(string origins)
{
if (string.IsNullOrWhiteSpace(origins))
{
return;
}
var corsPolicy = new CorsPolicy {
AllowAnyMethod = true,
AllowAnyHeader = true
};
corsPolicy.Origins.ToList().AddRange(origins.Split(';'));
if (!corsPolicy.Origins.Any())
{
return;
}
Options = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
}
private static CorsOptions SetupCorsOptions()
{
var corsPolicy = new CorsPolicy {
AllowAnyMethod = true, AllowAnyHeader = true, SupportsCredentials = true, PreflightMaxAge = short.MaxValue
};
// Try and load allowed origins from web.config
// If none are specified we'll allow all origins
var appSetting = new ApplicationSettings();
var origins = appSetting.CorsOriginsSetting;
if (!string.IsNullOrEmpty(origins))
{
foreach (var origin in origins.Split(';'))
{
corsPolicy.Origins.Add(origin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
return(corsOptions);
}
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
ConfigureAuth(app);
app.Map("/signalr", map =>
{
//CorsPolicyProvider provider = new EnableCorsAttribute("*", "*", "*");
CorsOptions options = CorsOptions.AllowAll;
//options.PolicyProvider =
map.UseCors(options);
map.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
Provider = new OAuthTokenProvider()
});
var hubConfiguration = new HubConfiguration
{
Resolver = GlobalHost.DependencyResolver
};
map.RunSignalR(hubConfiguration);
});
string name = ConfigurationManager.AppSettings["LoggingDefaults"];
SeriLogHelper.ConfigureLoggingDefaults(name);
CacheConfig.Register();
}
public void Configuration(IAppBuilder appBuilder)
{
IdentityConfiguration(appBuilder);
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = req =>
{
var policy = new CorsPolicy();
var corsOrigins = ConfigurationManager.AppSettings["CorsOrigins"].Split(',');
var corsMethods = ConfigurationManager.AppSettings["CorsMethod"].Split(',');
foreach (var origin in corsOrigins)
{
if (!string.IsNullOrEmpty(origin))
{
policy.Origins.Add(origin);
}
}
foreach (var method in corsMethods)
{
if (!string.IsNullOrEmpty(method))
{
policy.Methods.Add(method);
}
}
return(Task.FromResult(policy));
}
},
CorsEngine = new CorsEngine()
};
appBuilder.UseCors(corsOptions);
OAuthConfiguration(appBuilder);
}
public virtual void Configuration(IAppBuilder app)
{
DotEnv.Load();
var corsPolicyTask = Task.FromResult(new CorsPolicy {
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
PreflightMaxAge = 60 * 60 * 1000 // 1 hour, though Chrome would limit to 10 mins I believe
});
var corsOptions = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = r => corsPolicyTask
}
};
app.UseCors(corsOptions);
var container = CreateContainer();
var mirrorSharpOptions = CreateMirrorSharpOptions(container);
app.UseMirrorSharp(mirrorSharpOptions);
app.Map("/status", a => a.Use((c, next) => {
c.Response.ContentType = "text/plain";
return(c.Response.WriteAsync("OK"));
}));
var monitor = container.Resolve <IMonitor>();
monitor.Event("Application Startup", null);
HostingEnvironment.RegisterObject(new ShutdownMonitor(monitor));
app.UseAutofacLifetimeScopeInjector(container);
}
private static void ConfigureCorsOptions(CorsOptions options)
{
options.AddPolicy("AllowAll", builder =>
{
builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials();
});
}
/// <summary>
/// Allows Cors API.
/// </summary>
/// <param name="app">App Builder.</param>
public void AllowCors(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
var origins = ConfigurationManager.AppSettings.Get("cors");
if (origins != null)
{
foreach (var origin in origins.Split(PARAMETER_CORS_SEPARATOR))
{
corsPolicy.Origins.Add(origin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var container = new Container();
ConfigureWebApi(config);
ConfigureDependencyInjection(config, container);
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true
};
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
app.UseWebApi(config);
}
// This code configures Web API. The Startup class is specified as a type
// parameter in the WebApp.Start method.
public void Configuration(IAppBuilder appBuilder)
{
// Configure Web API for self-host.
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = c => Task.FromResult(new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
SupportsCredentials = true
})
}
};
appBuilder.UseCors(corsOptions);
appBuilder.UseWebApi(config);
}
/// <summary>
/// Allow different cors origins defined on appsettings
/// </summary>
/// <param name="services"></param>
/// <param name="corsOptions"></param>
public static void SetupCorsOrigins(this IServiceCollection services, CorsOptions corsOptions)
{
if (corsOptions == null)
{
SetCorsAnyOriginAllowed(services);
}
else
{
foreach (var definition in corsOptions.Origins)
{
services.AddCors(options =>
{
options.AddPolicy(definition.CorsPolicy, builder =>
{
builder.WithOrigins(definition.GetOriginsList().ToArray());
builder.WithHeaders(definition.GetHeadersList().ToArray());
builder.WithMethods(definition.GetMethodsList().ToArray());
if (definition.AllowCredentials)
{
builder.AllowCredentials();
}
});
});
}
}
}
private static void ConfigureCors(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyHeader = true,
SupportsCredentials = true,
Methods =
{
"OPTIONS",
"GET",
"POST",
"PUT",
"DELETE"
}
};
EnvironmentConfig.AllowedOriginUrls.ToList().ForEach(item => corsPolicy.Origins.Add(item));
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
}
public static void Configure(CorsOptions options)
{
options.AddDefaultPolicy(
builder =>
{
builder.AllowAnyMethod()
.AllowAnyHeader()
.WithOrigins(
"http://localhost:8008",
"https://localhost:8008")
.AllowCredentials();
});
options.AddPolicy(AllowAllOriginsCorsPolicy,
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
options.AddPolicy(AllowKnownClientOriginsCorsPolicy,
builder =>
{
builder.AllowAnyMethod()
.AllowAnyHeader()
.WithOrigins(
"http://localhost:8008",
"https://localhost:8008")
.AllowCredentials();
});
}
private void ConfigureAuth(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true,
SupportsCredentials = true
};
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:tenant"],
TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidAudience = ConfigurationManager.AppSettings["ida:audience"],
ValidateAudience = true,
ValidIssuer = ConfigurationManager.AppSettings["ida:issuer"],
ValidateIssuer = true,
ValidateLifetime = true
}
});
}
public void ConfigureAuth(IAppBuilder app)
{
var tokenCorsPolicy = new CorsPolicy {
AllowAnyOrigin = true,
AllowAnyHeader = true,
AllowAnyMethod = true
};
var corsOptions = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = request => Task.FromResult(
request.Path.ToString().StartsWith("/auth/token") ? tokenCorsPolicy : null
)
}
};
app.UseCors(corsOptions);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
public void Configuration(IAppBuilder app)
{
var corsPolicyTask = Task.FromResult(new CorsPolicy {
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
PreflightMaxAge = 60 * 60 * 1000 // 1 hour, though Chrome would limit to 10 mins I believe
});
var corsOptions = new CorsOptions {
PolicyProvider = new CorsPolicyProvider {
PolicyResolver = r => corsPolicyTask
}
};
app.UseCors(corsOptions);
var mirrorSharpOptions = CreateMirrorSharpOptions();
app.UseMirrorSharp(mirrorSharpOptions);
app.Map("/status", a => a.Use((c, next) => {
c.Response.ContentType = "text/plain";
return(c.Response.WriteAsync("OK"));
}));
}
//private SiteContext site;
public bool IsPathAllowed(PathString path, CorsOptions options)
{
var result = options.CorsPaths.Any(x => path == x);
if (result)
{
return(result);
}
if (multiTenantOptions.Mode == MultiTenantMode.FolderName)
{
var site = contextAccessor.HttpContext.GetTenant <SiteContext>();
if (site != null && !string.IsNullOrEmpty(site.SiteFolderName))
{
//result = options.CorsPaths.Any(x => path == "/" + site.SiteFolderName + x);
foreach (var cp in options.CorsPaths)
{
var tenantPath = "/" + site.SiteFolderName + cp;
if (path == tenantPath)
{
return(true);
}
}
}
}
return(result);
}
public void ConfigureCors(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = false,
AllowAnyHeader = false,
AllowAnyOrigin = false,
SupportsCredentials = true
};
var origins = ConfigurationManager.AppSettings["CorsOrigins"];
var headers = ConfigurationManager.AppSettings["CorsHeaders"];
var methods = ConfigurationManager.AppSettings["CorsMethods"];
AddTokens(origins, corsPolicy.Origins);
AddTokens(headers, corsPolicy.Headers);
AddTokens(methods, corsPolicy.Methods);
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
}
/// <summary>
/// Initializes and configures <see cref="T:Microsoft.Owin.Cors.CorsOptions" /> instance.
/// </summary>
/// <param name="origins">String of allowed origins delimited by: ';'</param>
public static void ConfigureCors(string origins)
{
if (string.IsNullOrWhiteSpace(origins))
{
return;
}
CorsPolicy corsPolicy = new CorsPolicy()
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
corsPolicy.Origins.ToList <string>().AddRange((IEnumerable <string>)origins.Split(';'));
if (!corsPolicy.Origins.Any <string>())
{
return;
}
CorsConfig.Options = new CorsOptions()
{
PolicyProvider = (ICorsPolicyProvider) new CorsPolicyProvider()
{
PolicyResolver = (Func <IOwinRequest, Task <CorsPolicy> >)(context => Task.FromResult <CorsPolicy>(corsPolicy))
}
};
}
private static void ConfigureCors(CorsOptions cors)
{
cors.AddDefaultPolicy(policy => policy
.AllowAnyOrigin()
.WithHeaders(HeaderNames.ContentType)
.WithMethods(HttpMethods.Post));
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
corsPolicy.AllowAnyOrigin = true;
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
app.UseCors(corsOptions);
ActivateTokenGenerator(app);
app.UseWebApi(config);
}
public void ConfigureCorsPolicy(CorsOptions options)
{
options.AddPolicy("CorsPolicy", builder =>
{
builder.WithOrigins(_corsSettings.AllowedOrigins).AllowAnyHeader().AllowAnyMethod();
});
}
private void ConfigureCors(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
var origins = ConfigurationManager.AppSettings["Cors.Origins"];
if (origins != null)
{
foreach (var origin in origins.Split(';'))
{
corsPolicy.Origins.Add(origin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
}
/// <summary>
///
/// </summary>
/// <param name="services"></param>
/// <returns></returns>
public static IServiceCollection AddCorsOption(this IServiceCollection services)
{
if (EasySharpServices.IsInitialized == false)
{
EasySharpServices.Services = services;
EasySharpServices.Initialize();
}
Configuration = EasySharpServices.Builder();
var options = new CorsOptions();
Configuration.GetSection(nameof(CorsOptions)).Bind(options);
//if Links=null, set links array to empty array
var linksOption = options.Links ?? new string[] { };
var policyName = options.Name;
if (options.Enabled)
{
string[] clientUrls = linksOption.ToArray();
services.AddCors(opt =>
{
opt.AddPolicy(policyName,
fbuilder => fbuilder.WithOrigins(clientUrls)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
}
return(services);
}
/// <summary>
/// 由 CorsCoreHelper 负责初始化
/// </summary>
/// <param name="options"></param>
public static void SetPolicyMap(CorsOptions options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
var map = options.GetPolicyMap();
_defaultPolicyName = options.DefaultPolicyName;
foreach (var key in map.Keys)
{
var builder = new CorsPolicyBuilder(map[key]);
_policyMap.Add(key, builder.Build());
}
if (!IsContainsPolicy(_defaultPolicyName))
{
_policyMap.Add(_defaultPolicyName, CorsPolicy.DefaultCorsPolicy);
}
EnableGlobalCors = options.EnableGlobalCors;
GlobalCorsPolicyName = string.IsNullOrWhiteSpace(options.GlobalCorsPolicyName)
? options.DefaultPolicyName
: options.GlobalCorsPolicyName;
}
public static void AllowAll(this CorsOptions setup, string policyName)
{
setup.AddPolicy(policyName, policy => policy
.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod());
}
public async Task Invoke_HasCorsConfig_InvokesNext()
{
var testOrigin = "https://functions.azure.com";
var hostCorsOptions = new OptionsWrapper <HostCorsOptions>(new HostCorsOptions
{
AllowedOrigins = new List <string> {
testOrigin
}
});
var testPolicy = new CorsPolicy();
var testOptions = new CorsOptions();
testOptions.AddDefaultPolicy(testPolicy);
var corsOptions = new OptionsWrapper <CorsOptions>(testOptions);
var corsFactory = new CorsMiddlewareFactory(corsOptions, NullLoggerFactory.Instance);
bool nextInvoked = false;
RequestDelegate next = (context) =>
{
nextInvoked = true;
context.Response.StatusCode = (int)HttpStatusCode.Accepted;
return(Task.CompletedTask);
};
var middleware = new JobHostCorsMiddleware(hostCorsOptions, corsFactory);
var httpContext = new DefaultHttpContext();
await middleware.Invoke(httpContext, next);
Assert.True(nextInvoked);
}
public static void Register(IAppBuilder app)
{
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
// Try and load allowed origins from web.config
// If none are specified we'll allow all origins
var origins = ConfigHelper.CorsOrigins;
if (origins != null)
{
foreach (var origin in origins.Split(';'))
{
corsPolicy.Origins.Add(origin);
}
}
else
{
corsPolicy.AllowAnyOrigin = true;
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
}
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
//UseRedisBackplane();
//UseServiceBusBackplane();
//UseSqlBackplane();
// Branch the pipeline here for requests that start with "/signalr"
app.Map("/signalr", map =>
{
CorsPolicy corsPolicy = new CorsPolicy()
{
AllowAnyHeader = true,
//AllowAnyOrigin = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
// Get Allowed Origins from Config and split by comma. Can be changed to any character that you chose.
string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',');
// To split by multiple types use the following example as a template:
//string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',', '+');
foreach (string origin in origins)
{
corsPolicy.Origins.Add(origin);
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
map.UseCors(corsOptions);
var hubConfiguration = new HubConfiguration
{
// You can enable JSONP by uncommenting line below.
// JSONP requests are insecure but some older browsers (and some
// versions of IE) require JSONP to work cross domain
EnableDetailedErrors = true,
//EnableJSONP = true,
//EnableJavaScriptProxies = true
};
// Run the SignalR pipeline. We're not using MapSignalR
// since this branch already runs under the "/signalr"
// path.
map.RunSignalR(hubConfiguration);
});
//app.MapSignalR();
}
private static void ConfigureCors(CorsOptions options)
{
options.AddPolicy(defaultName, policy =>
policy.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
.AllowCredentials());
}
public async Task GetsNamedPolicy(string policyName)
{
// Arrange
var options = new CorsOptions();
var policy = new CorsPolicy();
options.AddPolicy(policyName, policy);
var corsOptions = new TestCorsOptions
{
Value = options
};
var policyProvider = new DefaultCorsPolicyProvider(corsOptions);
// Act
var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName);
// Assert
Assert.Same(policy, actualPolicy);
}
public async Task GetsNamedPolicy(string policyName)
{
// Arrange
var options = new CorsOptions();
var policy = new CorsPolicy();
options.AddPolicy(policyName, policy);
var mockOptions = new Mock<IOptions<CorsOptions>>();
mockOptions
.SetupGet(o => o.Options)
.Returns(options);
var policyProvider = new DefaultCorsPolicyProvider(mockOptions.Object);
// Act
var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName);
// Assert
Assert.Same(policy, actualPolicy);
}
//private SiteContext site;
public bool IsPathAllowed(PathString path, CorsOptions options)
{
var result = options.CorsPaths.Any(x => path == x);
if (result) return result;
if (multiTenantOptions.Mode == MultiTenantMode.FolderName)
{
var site = contextAccessor.HttpContext.GetTenant<SiteContext>();
if(site != null && !string.IsNullOrEmpty(site.SiteFolderName))
{
//result = options.CorsPaths.Any(x => path == "/" + site.SiteFolderName + x);
foreach (var cp in options.CorsPaths)
{
var tenantPath = "/" + site.SiteFolderName + cp;
if (path == tenantPath) return true;
}
}
}
return result;
}
private static CorsBasedSecurityMessageHandler CreateSubjectUnderTest(
HttpResponseMessage response = null,
CorsEngine corsEngine = null,
CorsOptions options = null)
{
var sut = new CorsBasedSecurityMessageHandler(options ?? CorsOptions.AllowAll());
sut.InnerHandler = new TestHandler(response);
sut.SetCorsEngineFactory(() => corsEngine ?? new CorsEngine());
return sut;
}
