public static CorsResult EvaluatePolicy(NancyContext context, string policyName) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var request = context.Request; var policy = _options.GetPolicy(policyName); return(EvaluatePolicy(request, policy)); }
/// <summary> /// Handle unhandled exceptions /// </summary> /// <param name="context">Current HttpContext</param> /// <param name="exception">System.Exception.</param> private async Task HandleUnhandledExceptionAsync(HttpContext context, Exception exception) { _logger.LogError(exception, exception.Message); if (!context.Response.HasStarted) { context.Response.Clear(); //repopulate Response header with CORS policy to send the response with CORS headers _corsService.ApplyResult(_corsService.EvaluatePolicy(context, _corsOptions.GetPolicy("Default")), context.Response); context.Response.ContentType = "application/json"; context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; var message = string.Empty; if (_settings.DetailedErrors) { message = exception.Message; } else { message = "An unhandled exception has occurred."; } //implement unified error messaging approach var result = new ExceptionMessage(message).ToString(); await context.Response.WriteAsync(result); } }
public void Create_ReturnsCorsOptions(CorsOptions options) { var action = CorsOptionsFactory.Create(); action.Invoke(options); // Asserts options.GetPolicy("CorsPolicy").Should().NotBeNull(); }
public static CorsResult EvaluatePolicy(HttpContextBase context, string policyName) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var policy = _options.GetPolicy(policyName); return(EvaluatePolicy(context, policy)); }
public async Task <CorsResult> EvaluatePolicy(HttpContext context, string policyName) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var policy = _options.GetPolicy(policyName); return(await EvaluatePolicy(context, policy)); }
/// <summary> /// Handle HTTP exceptions /// </summary> /// <param name="context">Current HttpContext.</param> /// <param name="exception">Custom HTTP exception.</param> private async Task HandleHttpExceptionAsync(HttpContext context, HttpException exception) { _logger.LogError(exception, exception.MessageDetail ?? exception.Message); if (!context.Response.HasStarted) { int statusCode = exception.StatusCode; string message = exception.Message; context.Response.Clear(); //repopulate Response header with CORS policy _corsService.ApplyResult(_corsService.EvaluatePolicy(context, _corsOptions.GetPolicy("Default")), context.Response); context.Response.ContentType = "application/json"; context.Response.StatusCode = statusCode; var result = new ExceptionMessage(message).ToString(); await context.Response.WriteAsync(result); } }
public void AddDefaultPolicy_OverridesDefaultPolicyName() { // Arrange var corsOptions = new CorsOptions(); var expectedPolicy = new CorsPolicy(); // Act corsOptions.AddDefaultPolicy(new CorsPolicy()); corsOptions.AddDefaultPolicy(expectedPolicy); // Assert var actualPolicy = corsOptions.GetPolicy(corsOptions.DefaultPolicyName); Assert.Same(expectedPolicy, actualPolicy); }
/// <summary> /// Looks up a policy using the <paramref name="policyName"/> and then evaluates the policy using the passed in /// <paramref name="context"/>. /// </summary> /// <param name="context"></param> /// <param name="policyName"></param> /// <returns>A <see cref="CorsResult"/> which contains the result of policy evaluation and can be /// used by the caller to set appropriate response headers.</returns> public CorsResult EvaluatePolicy(HttpContext context, string policyName) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var policy = _options.GetPolicy(policyName); if (policy is null) { throw new InvalidOperationException(Resources.FormatPolicyNotFound(policyName)); } return(EvaluatePolicy(context, policy)); }
public Task <CorsPolicy> GetPolicyAsync(HttpContext context, string policyName) { var originHeader = context.Request.Headers["Origin"].FirstOrDefault(); // unknown policy name or origin header not present: default behavior if (string.IsNullOrEmpty(policyName) || string.IsNullOrEmpty(originHeader) || !string.Equals(policyName, DefaultSenseNetCorsPolicyName, StringComparison.InvariantCultureIgnoreCase) || string.Equals(originHeader, "null", StringComparison.InvariantCultureIgnoreCase)) { return(Task.FromResult(_options.GetPolicy(policyName ?? _options.DefaultPolicyName))); } var policyBuilder = new CorsPolicyBuilder(); // Load current CORS settings from the repository. This must not be cached here, // because settings may change at runtime, anytime. var corsSettings = Settings.GetValue <IEnumerable <string> >(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDORIGINDOMAINS, null, SnCorsConstants.DefaultAllowedDomains); // get a configured domain (or template) that matches the origin sent by the client var allowedDomain = GetAllowedDomain(originHeader, corsSettings); if (!string.IsNullOrEmpty(allowedDomain)) { // template match: set the allowed origin policyBuilder.WithOrigins(originHeader); // any origin ('*') and credentials are mutually exclusive if (!string.Equals(originHeader, CorsConstants.AnyOrigin)) { policyBuilder.AllowCredentials(); } var allowedMethods = Settings.GetValue(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDMETHODS, null, SnCorsConstants.AccessControlAllowMethodsDefault); var allowedHeaders = Settings.GetValue(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDHEADERS, null, SnCorsConstants.AccessControlAllowHeadersDefault); policyBuilder.WithMethods(allowedMethods); policyBuilder.WithHeaders(allowedHeaders); } return(Task.FromResult(policyBuilder.Build())); }
public void AddDefaultPolicy_UsingPolicyBuilder_SetsDefaultPolicyName() { // Arrange var corsOptions = new CorsOptions(); CorsPolicy expectedPolicy = null; // Act corsOptions.AddPolicy("policy1", policyBuilder => { policyBuilder.AllowAnyOrigin().Build(); }); corsOptions.AddDefaultPolicy(policyBuilder => { expectedPolicy = policyBuilder.AllowAnyOrigin().Build(); }); corsOptions.AddPolicy("policy3", new CorsPolicy()); // Assert var actualPolicy = corsOptions.GetPolicy(corsOptions.DefaultPolicyName); Assert.Same(expectedPolicy, actualPolicy); }
public CorsPolicy GetPolicy() { return(_options.GetPolicy(_options.DefaultPolicyName)); }
public Task <CorsPolicy> GetPolicyAsync(HttpContext context, string policyName) { // if no EnableCors, it still comes to this function with empty policyName return(Task.FromResult(_options.GetPolicy(policyName ?? _options.DefaultPolicyName))); }
public CorsPolicy GetPolicy() { return(_options.GetPolicy(CorsPoliciesEnums.DynamicCorsPolicyName)); }