private void ConfigureWebApi(IAppBuilder app) { var config = new HttpConfiguration(); config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "{controller}/{action}" ); config.Formatters.JsonFormatter.SerializerSettings.Formatting = Formatting.Indented; app.Map("/api", api => { var corsOptions = new CorsOptions() { PolicyProvider = new CorsPolicyProvider { PolicyResolver = ctx => { var policy = new CorsPolicy(); policy.Origins.Add("http://localhost:3054"); policy.AllowAnyHeader = true; policy.Methods.Add("GET"); return Task.FromResult(policy); } } }; api.UseCors(corsOptions); api.UseWebApi(config); }); }
/// <summary> /// Initializes a new instance of the <see cref="EnableCorsAttribute"/> class. /// </summary> public EnableCorsAttribute() { _corsPolicy = new CorsPolicy(); _corsPolicy.AllowAnyHeader = true; _corsPolicy.AllowAnyMethod = true; _corsPolicy.AllowAnyOrigin = true; }
public void Configuration(IAppBuilder app) { var config = new HttpConfiguration(); var container = new Container(); ConfigureWebApi(config); ConfigureDependencyInjection(config, container); var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = true }; var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); app.UseWebApi(config); }
public void Configuration(IAppBuilder app) { var policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, SupportsCredentials = true }; policy.ExposedHeaders.Add("Authorization"); app.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(policy) } }); var config = new HttpConfiguration(); WebApiConfig.Register(config); app.UseNinjectMiddleware(CreateKernel); app.UseNinjectWebApi(config); }
public void Configuration(IAppBuilder app) { CorsPolicy tokenCorsPolicy = new CorsPolicy { AllowAnyOrigin = true, AllowAnyHeader = true, AllowAnyMethod = true }; CorsOptions corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = request => Task.FromResult(request.Path.ToString().StartsWith("/token") ? tokenCorsPolicy : null) } }; app.UseCors(corsOptions); HttpConfiguration webApiConfig = new HttpConfiguration(); app.UseWebApi(webApiConfig); ConfigureAuth(app); }
public async Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var corsRequestContext = request.GetCorsRequestContext(); var originRequested = corsRequestContext.Origin; if (await IsOriginApproved(originRequested)) { // Grant CORS request var policy = new CorsPolicy(); policy.Origins.Add(originRequested); policy.Methods.Add("GET"); policy.Methods.Add("POST"); policy.Methods.Add("PUT"); policy.Methods.Add("DELETE"); policy.Methods.Add("PATCH"); policy.Methods.Add("OPTIONS"); policy.Headers.Add("accept"); policy.Headers.Add("content-type"); policy.Headers.Add("X-Auth-Token"); policy.Headers.Add("Origin"); policy.ExposedHeaders.Add("DataServiceVersion"); policy.ExposedHeaders.Add("MaxDataServiceVersion"); policy.ExposedHeaders.Add("X-Auth-Token"); policy.SupportsCredentials = true; return policy; } // Reject CORS request return null; }
/// <summary> /// Try to validate the requested method based on <see cref="CorsPolicy"/>. /// </summary> /// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param> /// <param name="policy">The <see cref="CorsPolicy"/>.</param> /// <param name="result">The <see cref="CorsResult"/>.</param> /// <returns><c>true</c> if the requested method is valid; otherwise, <c>false</c>. </returns> /// <exception cref="System.ArgumentNullException"> /// requestContext /// or /// policy /// or /// result /// </exception> public virtual bool TryValidateMethod(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } if (result == null) { throw new ArgumentNullException("result"); } if (policy.AllowAnyMethod || policy.Methods.Contains(requestContext.AccessControlRequestMethod)) { result.AllowedMethods.Add(requestContext.AccessControlRequestMethod); } else { result.ErrorMessages.Add(String.Format( CultureInfo.CurrentCulture, SRResources.MethodNotAllowed, requestContext.AccessControlRequestMethod)); } return result.IsValid; }
public void Configuration(IAppBuilder app) { ConfigureAuth(app); app.MapSignalR(); app.Map("/signalr", map => { var corsPolicy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true }; // Add the domain where your client is hosted on. corsPolicy.Origins.Add("http://localhost:4200"); map.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = r => Task.FromResult(corsPolicy) } }); map.RunSignalR(); }); }
public MyCorsPolicyAttribute() { // Create a CORS policy. _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, SupportsCredentials = true, AllowAnyOrigin = true }; // Add allowed origins. _policy.Headers.Remove("Cache-Control"); //TODO implemntar lista do banco de dados ou' web.config _policy.Origins.Add("http://192.168.0.105"); _policy.Origins.Add("http://192.168.0.111"); _policy.Origins.Add("http://localhost"); _policy.Origins.Add("http://localhost:3941"); _policy.Origins.Add("http://localhost:12165"); _policy.Origins.Add("http://localhost:25372"); _policy.Origins.Add("http://localhost:25372/"); _policy.Origins.Add("http://www.sonicfinanceiro.somee.com"); _policy.Origins.Add("http://sonicfinanceiro.somee.com"); _policy.Origins.Add("http://www.sonicti.somee.com/"); _policy.Origins.Add("http://www.sonicti.somee.com"); _policy.Origins.Add("www.sonicti.somee.com/"); _policy.Origins.Add("www.sonicti.somee.com"); _policy.Origins.Add("http://sonicti.somee.com/"); _policy.Origins.Add("http://sonicti.somee.com"); }
public CorsResult EvaluatePolicy(CorsRequestContext requestContext, CorsPolicy policy) { CorsResult corsResult = null; object request; requestContext.Properties.TryGetValue(typeof(HttpRequestMessage).FullName, out request); _traceWriter.TraceBeginEnd( request as HttpRequestMessage, TraceCategories.CorsCategory, TraceLevel.Info, _innerCorsEngine.GetType().Name, MethodName, beginTrace: null, execute: () => { corsResult = _innerCorsEngine.EvaluatePolicy(requestContext, policy); }, endTrace: (tr) => { if (corsResult != null) { tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceEndCorsResultReturned, corsResult); } else { tr.Message = SRResources.TraceEndNoCorsResultReturned; } }, errorTrace: null); return corsResult; }
public void Configuration(IAppBuilder app) { app.Map("/signalr", map => { var corsPolicy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true }; corsPolicy.AllowAnyHeader = true; corsPolicy.AllowAnyMethod = true; corsPolicy.SupportsCredentials = true; map.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = r => Task.FromResult(corsPolicy) } }); map.RunSignalR(new HubConfiguration() { EnableJSONP = true, EnableJavaScriptProxies = true }); }); ConfigureAuth(app); }
public void Configuration(IAppBuilder app) { ConfigureAuth(app); //UseRedisBackplane(); //UseServiceBusBackplane(); //UseSqlBackplane(); // Branch the pipeline here for requests that start with "/signalr" app.Map("/signalr", map => { CorsPolicy corsPolicy = new CorsPolicy() { AllowAnyHeader = true, //AllowAnyOrigin = true, AllowAnyMethod = true, SupportsCredentials = true }; // Get Allowed Origins from Config and split by comma. Can be changed to any character that you chose. string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(','); // To split by multiple types use the following example as a template: //string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',', '+'); foreach (string origin in origins) { corsPolicy.Origins.Add(origin); } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; // Setup the CORS middleware to run before SignalR. // By default this will allow all origins. You can // configure the set of origins and/or http verbs by // providing a cors options with a different policy. map.UseCors(corsOptions); var hubConfiguration = new HubConfiguration { // You can enable JSONP by uncommenting line below. // JSONP requests are insecure but some older browsers (and some // versions of IE) require JSONP to work cross domain EnableDetailedErrors = true, //EnableJSONP = true, //EnableJavaScriptProxies = true }; // Run the SignalR pipeline. We're not using MapSignalR // since this branch already runs under the "/signalr" // path. map.RunSignalR(hubConfiguration); }); //app.MapSignalR(); }
private static void SetHeadersIfRequired( this CorsOptions options, CorsPolicy corsPolicy) { if (options.AllowAnyHeader) return; SetList(options.AllowedHeaders, corsPolicy.Headers); }
private static void SetMethodsIfRequired( this CorsOptions options, CorsPolicy corsPolicy) { if (options.AllowAnyMethod) return; SetList(options.AllowedMethods, corsPolicy.Methods); }
private static void SetOriginsIfRequired( this CorsOptions options, CorsPolicy corsPolicy) { if (options.AllowAnyOrigin) return; SetList(options.AllowedOrigins, corsPolicy.Origins); }
private void Init(List<String> domains) { _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; domains.ForEach(d => _policy.Origins.Add(d)); }
private Task HandleCorsRequestAsync(IOwinContext context, CorsPolicy policy, CorsRequestContext corsRequestContext) { CorsResult result; if (TryEvaluateCorsPolicy(policy, corsRequestContext, out result)) { WriteCorsHeaders(context, result); } return _next(context.Environment); }
public EnableCustomCors() { _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; _policy.Origins.Add("http://localhost:8080"); }
private CorsPolicy GetPolicyForControllerAndOrigin( string controller, string originRequested) { // Do database lookup to determine if the controller is allowed for // the origin and create CorsPolicy if it is (otherwise return null) var policy = new CorsPolicy(); policy.Origins.Add(originRequested); policy.Methods.Add("GET"); return policy; }
public CustomCORSAttribute() { _policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true }; _policy.Origins.Add("localhost"); }
public void Configuration(IAppBuilder app) { ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; app.Use(async (context, next) => { if (context.Request.Method != "OPTIONS" && context.Request.Cookies.Any()) { var cookie = context.Request.Cookies["Halo-Secure"]; if (!string.IsNullOrEmpty(cookie)) { context.Request.Headers.Remove("Authorization"); context.Request.Headers.Add("Authorization", new[] { "Bearer " + cookie }); //.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", cookie.Cookies[0].Value); } } await next.Invoke(); }); var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = false, SupportsCredentials = true }; corsPolicy.Origins.Add("http://localhost:32150"); //corsPolicy.Origins.Add("https://localhost:32150"); //corsPolicy.Origins.Add("http://localhost:32150/"); //corsPolicy.Origins.Add("https://localhost:32150/"); corsPolicy.ExposedHeaders.Add("X-Custom-Header"); app.UseCors(new Microsoft.Owin.Cors.CorsOptions() { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }); JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>(); app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions { Authority = "https://HFL0100:44333", RequiredScopes = new[] { "api1" }, ValidationMode = ValidationMode.Local, AuthenticationType = "Bearer", AuthenticationMode = AuthenticationMode.Active, }); // configure web api var config = new HttpConfiguration(); config.Filters.Add(new AuthorizeAttribute()); config.MapHttpAttributeRoutes(); app.UseWebApi(config); }
/// <summary> /// 表示允许跨域请求 /// </summary> public ApiCorsPolicyAttribute() { _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; _policy.Origins.Add("http://2.16898.cc"); _policy.Origins.Add("http://198.18.0.254:8009/"); _policy.Origins.Add("http://localhost:5405"); }
public MyCorsPolicyProvider() { _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; // Add allowed origins. _policy.Origins.Add("http://localhost:5268"); }
/// <summary> /// Default options allows all request, CORS does not limit anything /// </summary> public BackOfficeAuthServerProviderOptions() { //These are the defaults that we know work but people can modify them // on startup if required. CorsPolicy = new CorsPolicy() { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true, SupportsCredentials = true }; }
/// <summary> /// Default options allows all request, CORS does not limit anything /// </summary> public UmbracoRestApiOptions() { //These are the defaults that we know work with auth and the REST API // but people can modify them if required. CorsPolicy = new CorsPolicy() { AllowAnyOrigin = true, SupportsCredentials = true, AllowAnyHeader = true, Methods = {"GET", "POST", "DELETE", "PUT"} }; }
private CorsPolicy ConfigPolicy() { string[] domains = ConfigurationManager.AppSettings["CORS"].Split(';'); var policy = new CorsPolicy(); foreach (var domain in domains) { policy.Origins.Add(domain); } policy.AllowAnyMethod = true; policy.AllowAnyHeader = true; policy.SupportsCredentials = true; return policy; }
public CorsPolicyProvider() { // Create a CORS policy. _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = true }; // Magic line right here _policy.Origins.Add("http://localhost/MonfuSportsStore"); }
private CorsPolicy CreatePolicy(string origin) { var policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, SupportsCredentials = true }; if (!String.IsNullOrWhiteSpace(origin)) { policy.Origins.Add(origin); } return policy; }
public MyCorsPolicyAttribute() { // Create a CORS policy. this._policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = true }; //// Add allowed origins. //_policy.Origins.Add("http://myclient.azurewebsites.net"); //_policy.Origins.Add("http://www.contoso.com"); }
public ConfigCorsPolicy(string origin) { // Create a CORS policy. _policy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; // Add allowed origins. string [] origins = origin.Split(new string[]{";"}, StringSplitOptions.RemoveEmptyEntries); foreach(string o in origins) _policy.Origins.Add(o); //_policy.Origins.Add(origin); }
public virtual bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } if (result == null) { throw new ArgumentNullException("result"); } if (requestContext.Origin != null) { if (policy.AllowAnyOrigin) { if (policy.SupportsCredentials) { result.AllowedOrigin = requestContext.Origin; } else { result.AllowedOrigin = CorsConstants.AnyOrigin; } } else if (policy.Origins.Contains(requestContext.Origin)) { result.AllowedOrigin = requestContext.Origin; } else { result.ErrorMessages.Add(string.Format(CultureInfo.CurrentCulture, "OriginNotAllowed=The origin '{0}' is not allowed.", new object[] { requestContext.Origin })); } } else { result.ErrorMessages.Add("The request does not contain the Origin header."); } return(result.IsValid); }
/// <summary> /// Evaluates the policy. /// </summary> /// <param name="requestContext">The <see cref="CorsRequestContext" />.</param> /// <param name="policy">The <see cref="CorsPolicy" />.</param> /// <returns> /// The <see cref="CorsResult" /> /// </returns> /// <exception cref="System.ArgumentNullException"> /// requestContext /// or /// policy /// </exception> public virtual CorsResult EvaluatePolicy(CorsRequestContext requestContext, CorsPolicy policy) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } CorsResult result = new CorsResult(); if (!TryValidateOrigin(requestContext, policy, result)) { return(result); } result.SupportsCredentials = policy.SupportsCredentials; if (requestContext.IsPreflight) { if (!TryValidateMethod(requestContext, policy, result)) { return(result); } if (!TryValidateHeaders(requestContext, policy, result)) { return(result); } result.PreflightMaxAge = policy.PreflightMaxAge; } else { AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders); } return(result); }
/// <summary> /// Try to validate the requested headers based on <see cref="CorsPolicy"/>. /// </summary> /// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param> /// <param name="policy">The <see cref="CorsPolicy"/>.</param> /// <param name="result">The <see cref="CorsResult"/>.</param> /// <returns><c>true</c> if the requested headers are valid; otherwise, <c>false</c>. </returns> /// <exception cref="System.ArgumentNullException"> /// requestContext /// or /// policy /// or /// result /// </exception> public virtual bool TryValidateHeaders( CorsRequestContext requestContext, CorsPolicy policy, CorsResult result ) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } if (result == null) { throw new ArgumentNullException("result"); } if ( policy.AllowAnyHeader || requestContext.AccessControlRequestHeaders.IsSubsetOf(policy.Headers) ) { AddHeaderValues(result.AllowedHeaders, requestContext.AccessControlRequestHeaders); } else { result.ErrorMessages.Add( String.Format( CultureInfo.CurrentCulture, SRResources.HeadersNotAllowed, String.Join(",", requestContext.AccessControlRequestHeaders) ) ); } return(result.IsValid); }
/// <summary> /// Try to validate the requested method based on <see cref="CorsPolicy"/>. /// </summary> /// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param> /// <param name="policy">The <see cref="CorsPolicy"/>.</param> /// <param name="result">The <see cref="CorsResult"/>.</param> /// <returns><c>true</c> if the requested method is valid; otherwise, <c>false</c>. </returns> /// <exception cref="System.ArgumentNullException"> /// requestContext /// or /// policy /// or /// result /// </exception> public virtual bool TryValidateMethod( CorsRequestContext requestContext, CorsPolicy policy, CorsResult result ) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } if (result == null) { throw new ArgumentNullException("result"); } if ( policy.AllowAnyMethod || policy.Methods.Contains(requestContext.AccessControlRequestMethod) ) { result.AllowedMethods.Add(requestContext.AccessControlRequestMethod); } else { result.ErrorMessages.Add( String.Format( CultureInfo.CurrentCulture, SRResources.MethodNotAllowed, requestContext.AccessControlRequestMethod ) ); } return(result.IsValid); }
public virtual bool TryValidateHeaders(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result) { if (requestContext == null) { throw new ArgumentNullException("requestContext"); } if (policy == null) { throw new ArgumentNullException("policy"); } if (result == null) { throw new ArgumentNullException("result"); } if (policy.AllowAnyHeader || requestContext.AccessControlRequestHeaders.IsSubsetOf(policy.Headers)) { AddHeaderValues(result.AllowedHeaders, requestContext.AccessControlRequestHeaders); } else { result.ErrorMessages.Add(string.Format(CultureInfo.CurrentCulture, "The collection of headers '{0}' is not allowed.", new object[] { string.Join(",", requestContext.AccessControlRequestHeaders) })); } return(result.IsValid); }