public CorsPolicy Build()
{
CorsPolicyBuilder policy = new CorsPolicyBuilder();
ApplyAlls();
var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (origins.Any())
{
if (origins.First() == "*")
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(origins);
}
if (AllowCredentials && origins.First() != "*")
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
}
var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (methods.Any())
{
if (methods.First() == "*")
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(methods);
}
}
var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (headers.Any())
{
if (headers.First() == "*")
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(headers);
}
}
policy.SetIsOriginAllowedToAllowWildcardSubdomains();
return(policy.Build());
}
private void ConfigureCors(CorsPolicyBuilder builder)
{
var origin = _environment.IsDevelopment() ? "" : "";
builder
.SetIsOriginAllowedToAllowWildcardSubdomains()
.WithOrigins("*") // TODO: Fix
.WithMethods("GET")
.AllowCredentials();
}
public void SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain()
{
// Arrange
var builder = new CorsPolicyBuilder("http://*.example.com");
// Act
builder.SetIsOriginAllowedToAllowWildcardSubdomains();
// Assert
var corsPolicy = builder.Build();
Assert.False(corsPolicy.IsOriginAllowed("http://example.com"));
}
public void SetIsOriginAllowedToAllowWildcardSubdomains_AllowsWildcardSubdomains()
{
// Arrange
var builder = new CorsPolicyBuilder("http://*.example.com");
// Act
builder.SetIsOriginAllowedToAllowWildcardSubdomains();
// Assert
var corsPolicy = builder.Build();
Assert.True(corsPolicy.IsOriginAllowed("http://test.example.com"));
}
/// <summary>
/// Customizes cors cfg
/// </summary>
/// <param name="builder"></param>
/// <returns></returns>
public static CorsPolicyBuilder CustomizeCors(this CorsPolicyBuilder builder)
{
var cfg = Cartomatic.Utils.NetCoreConfig.GetNetCoreConfig();
var origins = cfg.GetSection("CorsCfg:Origins").Get <string[]>() ?? new string[0];
var headers = cfg.GetSection("CorsCfg:Headers").Get <string[]>() ?? new string[0];
var methods = cfg.GetSection("CorsCfg:Methods").Get <string[]>() ?? new string[0];
//all origins allowed
if (origins.Any(o => o == "*"))
{
builder.AllowAnyOrigin();
}
else if (origins.Any())
{
if (origins.Any(o => o.IndexOf("*") > -1))
{
builder.SetIsOriginAllowedToAllowWildcardSubdomains();
}
builder.WithOrigins(origins);
}
if (headers.Any(h => h == "*"))
{
builder.AllowAnyHeader();
}
else if (headers.Any())
{
builder.WithHeaders(headers);
}
if (methods.Any(m => m == "*"))
{
builder.AllowAnyMethod();
}
else if (methods.Any())
{
builder.WithMethods(methods);
}
return(builder);
}
public static IServiceCollection AddElectCors(this IServiceCollection services,
[NotNull] Action <ElectCorsOptions> configuration)
{
services.Configure(configuration);
var options = configuration.GetValue();
var corsBuilder = new CorsPolicyBuilder();
if (options.IsOriginAllowed != null)
{
corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed);
}
else if (options.AllowOrigins?.Any() == true)
{
options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList();
if (options.AllowOrigins.Contains("*"))
{
corsBuilder.SetIsOriginAllowed((origin) => true);
}
else
{
corsBuilder.WithOrigins(options.AllowOrigins.ToArray());
corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains();
}
}
if (options.AllowHeaders?.Any() == true)
{
if (options.AllowHeaders.Contains("*"))
{
corsBuilder.AllowAnyHeader();
}
else
{
corsBuilder.WithHeaders(options.AllowHeaders.ToArray());
}
}
if (options.AllowMethods?.Any() == true)
{
if (options.AllowMethods.Contains("*"))
{
corsBuilder.AllowAnyMethod();
}
else
{
corsBuilder.WithMethods(options.AllowMethods.ToArray());
}
}
if (options.IsAllowCredentials)
{
corsBuilder.AllowCredentials();
}
else
{
corsBuilder.DisallowCredentials();
}
options.ExtendPolicyBuilder?.Invoke(corsBuilder);
services.AddCors(config =>
{
config.DefaultPolicyName = options.PolicyName;
config.AddDefaultPolicy(corsBuilder.Build());
options.ExtendPolicyOptions?.Invoke(config);
});
services.Configure <MvcOptions>(config =>
{
config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName));
});
services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>();
return(services);
}