private void ConfigureWebApi(IAppBuilder app)
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "{controller}/{action}"
);
config.Formatters.JsonFormatter.SerializerSettings.Formatting = Formatting.Indented;
app.Map("/api", api =>
{
var corsOptions = new CorsOptions()
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = ctx =>
{
var policy = new CorsPolicy();
policy.Origins.Add("http://localhost:3054");
policy.AllowAnyHeader = true;
policy.Methods.Add("GET");
return Task.FromResult(policy);
}
}
};
api.UseCors(corsOptions);
api.UseWebApi(config);
});
}
/// <summary>
/// Initializes a new instance of the <see cref="EnableCorsAttribute"/> class.
/// </summary>
public EnableCorsAttribute()
{
_corsPolicy = new CorsPolicy();
_corsPolicy.AllowAnyHeader = true;
_corsPolicy.AllowAnyMethod = true;
_corsPolicy.AllowAnyOrigin = true;
}
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
var container = new Container();
ConfigureWebApi(config);
ConfigureDependencyInjection(config, container);
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true
};
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
app.UseCors(corsOptions);
app.UseWebApi(config);
}
public void Configuration(IAppBuilder app)
{
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
policy.ExposedHeaders.Add("Authorization");
app.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
var config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseNinjectMiddleware(CreateKernel);
app.UseNinjectWebApi(config);
}
public void Configuration(IAppBuilder app)
{
CorsPolicy tokenCorsPolicy = new CorsPolicy
{
AllowAnyOrigin = true,
AllowAnyHeader = true,
AllowAnyMethod = true
};
CorsOptions corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = request => Task.FromResult(request.Path.ToString().StartsWith("/token") ? tokenCorsPolicy : null)
}
};
app.UseCors(corsOptions);
HttpConfiguration webApiConfig = new HttpConfiguration();
app.UseWebApi(webApiConfig);
ConfigureAuth(app);
}
public async Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var corsRequestContext = request.GetCorsRequestContext();
var originRequested = corsRequestContext.Origin;
if (await IsOriginApproved(originRequested))
{
// Grant CORS request
var policy = new CorsPolicy();
policy.Origins.Add(originRequested);
policy.Methods.Add("GET");
policy.Methods.Add("POST");
policy.Methods.Add("PUT");
policy.Methods.Add("DELETE");
policy.Methods.Add("PATCH");
policy.Methods.Add("OPTIONS");
policy.Headers.Add("accept");
policy.Headers.Add("content-type");
policy.Headers.Add("X-Auth-Token");
policy.Headers.Add("Origin");
policy.ExposedHeaders.Add("DataServiceVersion");
policy.ExposedHeaders.Add("MaxDataServiceVersion");
policy.ExposedHeaders.Add("X-Auth-Token");
policy.SupportsCredentials = true;
return policy;
}
// Reject CORS request
return null;
}
/// <summary>
/// Try to validate the requested method based on <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param>
/// <param name="policy">The <see cref="CorsPolicy"/>.</param>
/// <param name="result">The <see cref="CorsResult"/>.</param>
/// <returns><c>true</c> if the requested method is valid; otherwise, <c>false</c>. </returns>
/// <exception cref="System.ArgumentNullException">
/// requestContext
/// or
/// policy
/// or
/// result
/// </exception>
public virtual bool TryValidateMethod(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
if (result == null)
{
throw new ArgumentNullException("result");
}
if (policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod))
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
else
{
result.ErrorMessages.Add(String.Format(
CultureInfo.CurrentCulture,
SRResources.MethodNotAllowed,
requestContext.AccessControlRequestMethod));
}
return result.IsValid;
}
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
app.MapSignalR();
app.Map("/signalr", map =>
{
var corsPolicy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
// Add the domain where your client is hosted on.
corsPolicy.Origins.Add("http://localhost:4200");
map.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver =
r => Task.FromResult(corsPolicy)
}
});
map.RunSignalR();
});
}
public MyCorsPolicyAttribute()
{
// Create a CORS policy.
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
SupportsCredentials = true,
AllowAnyOrigin = true
};
// Add allowed origins.
_policy.Headers.Remove("Cache-Control");
//TODO implemntar lista do banco de dados ou' web.config
_policy.Origins.Add("http://192.168.0.105");
_policy.Origins.Add("http://192.168.0.111");
_policy.Origins.Add("http://localhost");
_policy.Origins.Add("http://localhost:3941");
_policy.Origins.Add("http://localhost:12165");
_policy.Origins.Add("http://localhost:25372");
_policy.Origins.Add("http://localhost:25372/");
_policy.Origins.Add("http://www.sonicfinanceiro.somee.com");
_policy.Origins.Add("http://sonicfinanceiro.somee.com");
_policy.Origins.Add("http://www.sonicti.somee.com/");
_policy.Origins.Add("http://www.sonicti.somee.com");
_policy.Origins.Add("www.sonicti.somee.com/");
_policy.Origins.Add("www.sonicti.somee.com");
_policy.Origins.Add("http://sonicti.somee.com/");
_policy.Origins.Add("http://sonicti.somee.com");
}
public CorsResult EvaluatePolicy(CorsRequestContext requestContext, CorsPolicy policy)
{
CorsResult corsResult = null;
object request;
requestContext.Properties.TryGetValue(typeof(HttpRequestMessage).FullName, out request);
_traceWriter.TraceBeginEnd(
request as HttpRequestMessage,
TraceCategories.CorsCategory,
TraceLevel.Info,
_innerCorsEngine.GetType().Name,
MethodName,
beginTrace: null,
execute: () => { corsResult = _innerCorsEngine.EvaluatePolicy(requestContext, policy); },
endTrace: (tr) =>
{
if (corsResult != null)
{
tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceEndCorsResultReturned, corsResult);
}
else
{
tr.Message = SRResources.TraceEndNoCorsResultReturned;
}
},
errorTrace: null);
return corsResult;
}
public void Configuration(IAppBuilder app)
{
app.Map("/signalr", map =>
{
var corsPolicy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true
};
corsPolicy.AllowAnyHeader = true;
corsPolicy.AllowAnyMethod = true;
corsPolicy.SupportsCredentials = true;
map.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = r => Task.FromResult(corsPolicy)
}
});
map.RunSignalR(new HubConfiguration()
{
EnableJSONP = true,
EnableJavaScriptProxies = true
});
});
ConfigureAuth(app);
}
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
//UseRedisBackplane();
//UseServiceBusBackplane();
//UseSqlBackplane();
// Branch the pipeline here for requests that start with "/signalr"
app.Map("/signalr", map =>
{
CorsPolicy corsPolicy = new CorsPolicy()
{
AllowAnyHeader = true,
//AllowAnyOrigin = true,
AllowAnyMethod = true,
SupportsCredentials = true
};
// Get Allowed Origins from Config and split by comma. Can be changed to any character that you chose.
string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',');
// To split by multiple types use the following example as a template:
//string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',', '+');
foreach (string origin in origins)
{
corsPolicy.Origins.Add(origin);
}
var corsOptions = new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
};
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
map.UseCors(corsOptions);
var hubConfiguration = new HubConfiguration
{
// You can enable JSONP by uncommenting line below.
// JSONP requests are insecure but some older browsers (and some
// versions of IE) require JSONP to work cross domain
EnableDetailedErrors = true,
//EnableJSONP = true,
//EnableJavaScriptProxies = true
};
// Run the SignalR pipeline. We're not using MapSignalR
// since this branch already runs under the "/signalr"
// path.
map.RunSignalR(hubConfiguration);
});
//app.MapSignalR();
}
private static void SetHeadersIfRequired(
this CorsOptions options,
CorsPolicy corsPolicy)
{
if (options.AllowAnyHeader) return;
SetList(options.AllowedHeaders, corsPolicy.Headers);
}
private static void SetMethodsIfRequired(
this CorsOptions options,
CorsPolicy corsPolicy)
{
if (options.AllowAnyMethod) return;
SetList(options.AllowedMethods, corsPolicy.Methods);
}
private static void SetOriginsIfRequired(
this CorsOptions options,
CorsPolicy corsPolicy)
{
if (options.AllowAnyOrigin) return;
SetList(options.AllowedOrigins, corsPolicy.Origins);
}
private void Init(List<String> domains)
{
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
domains.ForEach(d => _policy.Origins.Add(d));
}
private Task HandleCorsRequestAsync(IOwinContext context, CorsPolicy policy, CorsRequestContext corsRequestContext)
{
CorsResult result;
if (TryEvaluateCorsPolicy(policy, corsRequestContext, out result))
{
WriteCorsHeaders(context, result);
}
return _next(context.Environment);
}
public EnableCustomCors()
{
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
_policy.Origins.Add("http://localhost:8080");
}
private CorsPolicy GetPolicyForControllerAndOrigin(
string controller, string originRequested)
{
// Do database lookup to determine if the controller is allowed for
// the origin and create CorsPolicy if it is (otherwise return null)
var policy = new CorsPolicy();
policy.Origins.Add(originRequested);
policy.Methods.Add("GET");
return policy;
}
public CustomCORSAttribute()
{
_policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
_policy.Origins.Add("localhost");
}
public void Configuration(IAppBuilder app)
{
ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
app.Use(async (context, next) =>
{
if (context.Request.Method != "OPTIONS" && context.Request.Cookies.Any())
{
var cookie = context.Request.Cookies["Halo-Secure"];
if (!string.IsNullOrEmpty(cookie))
{
context.Request.Headers.Remove("Authorization");
context.Request.Headers.Add("Authorization", new[] { "Bearer " + cookie }); //.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", cookie.Cookies[0].Value);
}
}
await next.Invoke();
});
var corsPolicy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = false,
SupportsCredentials = true
};
corsPolicy.Origins.Add("http://localhost:32150");
//corsPolicy.Origins.Add("https://localhost:32150");
//corsPolicy.Origins.Add("http://localhost:32150/");
//corsPolicy.Origins.Add("https://localhost:32150/");
corsPolicy.ExposedHeaders.Add("X-Custom-Header");
app.UseCors(new Microsoft.Owin.Cors.CorsOptions()
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(corsPolicy)
}
});
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "https://HFL0100:44333",
RequiredScopes = new[] { "api1" },
ValidationMode = ValidationMode.Local,
AuthenticationType = "Bearer",
AuthenticationMode = AuthenticationMode.Active,
});
// configure web api
var config = new HttpConfiguration();
config.Filters.Add(new AuthorizeAttribute());
config.MapHttpAttributeRoutes();
app.UseWebApi(config);
}
/// <summary>
/// 表示允许跨域请求
/// </summary>
public ApiCorsPolicyAttribute()
{
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
_policy.Origins.Add("http://2.16898.cc");
_policy.Origins.Add("http://198.18.0.254:8009/");
_policy.Origins.Add("http://localhost:5405");
}
public MyCorsPolicyProvider()
{
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
// Add allowed origins.
_policy.Origins.Add("http://localhost:5268");
}
/// <summary>
/// Default options allows all request, CORS does not limit anything
/// </summary>
public BackOfficeAuthServerProviderOptions()
{
//These are the defaults that we know work but people can modify them
// on startup if required.
CorsPolicy = new CorsPolicy()
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
SupportsCredentials = true
};
}
/// <summary>
/// Default options allows all request, CORS does not limit anything
/// </summary>
public UmbracoRestApiOptions()
{
//These are the defaults that we know work with auth and the REST API
// but people can modify them if required.
CorsPolicy = new CorsPolicy()
{
AllowAnyOrigin = true,
SupportsCredentials = true,
AllowAnyHeader = true,
Methods = {"GET", "POST", "DELETE", "PUT"}
};
}
private CorsPolicy ConfigPolicy()
{
string[] domains = ConfigurationManager.AppSettings["CORS"].Split(';');
var policy = new CorsPolicy();
foreach (var domain in domains)
{
policy.Origins.Add(domain);
}
policy.AllowAnyMethod = true;
policy.AllowAnyHeader = true;
policy.SupportsCredentials = true;
return policy;
}
public CorsPolicyProvider()
{
// Create a CORS policy.
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true
};
// Magic line right here
_policy.Origins.Add("http://localhost/MonfuSportsStore");
}
private CorsPolicy CreatePolicy(string origin)
{
var policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
SupportsCredentials = true
};
if (!String.IsNullOrWhiteSpace(origin))
{
policy.Origins.Add(origin);
}
return policy;
}
public MyCorsPolicyAttribute()
{
// Create a CORS policy.
this._policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true
};
//// Add allowed origins.
//_policy.Origins.Add("http://myclient.azurewebsites.net");
//_policy.Origins.Add("http://www.contoso.com");
}
public ConfigCorsPolicy(string origin)
{
// Create a CORS policy.
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true
};
// Add allowed origins.
string [] origins = origin.Split(new string[]{";"}, StringSplitOptions.RemoveEmptyEntries);
foreach(string o in origins)
_policy.Origins.Add(o);
//_policy.Origins.Add(origin);
}
public virtual bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
if (result == null)
{
throw new ArgumentNullException("result");
}
if (requestContext.Origin != null)
{
if (policy.AllowAnyOrigin)
{
if (policy.SupportsCredentials)
{
result.AllowedOrigin = requestContext.Origin;
}
else
{
result.AllowedOrigin = CorsConstants.AnyOrigin;
}
}
else if (policy.Origins.Contains(requestContext.Origin))
{
result.AllowedOrigin = requestContext.Origin;
}
else
{
result.ErrorMessages.Add(string.Format(CultureInfo.CurrentCulture, "OriginNotAllowed=The origin '{0}' is not allowed.", new object[] { requestContext.Origin }));
}
}
else
{
result.ErrorMessages.Add("The request does not contain the Origin header.");
}
return(result.IsValid);
}
/// <summary>
/// Evaluates the policy.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext" />.</param>
/// <param name="policy">The <see cref="CorsPolicy" />.</param>
/// <returns>
/// The <see cref="CorsResult" />
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// requestContext
/// or
/// policy
/// </exception>
public virtual CorsResult EvaluatePolicy(CorsRequestContext requestContext, CorsPolicy policy)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
CorsResult result = new CorsResult();
if (!TryValidateOrigin(requestContext, policy, result))
{
return(result);
}
result.SupportsCredentials = policy.SupportsCredentials;
if (requestContext.IsPreflight)
{
if (!TryValidateMethod(requestContext, policy, result))
{
return(result);
}
if (!TryValidateHeaders(requestContext, policy, result))
{
return(result);
}
result.PreflightMaxAge = policy.PreflightMaxAge;
}
else
{
AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders);
}
return(result);
}
/// <summary>
/// Try to validate the requested headers based on <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param>
/// <param name="policy">The <see cref="CorsPolicy"/>.</param>
/// <param name="result">The <see cref="CorsResult"/>.</param>
/// <returns><c>true</c> if the requested headers are valid; otherwise, <c>false</c>. </returns>
/// <exception cref="System.ArgumentNullException">
/// requestContext
/// or
/// policy
/// or
/// result
/// </exception>
public virtual bool TryValidateHeaders(
CorsRequestContext requestContext,
CorsPolicy policy,
CorsResult result
)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
if (result == null)
{
throw new ArgumentNullException("result");
}
if (
policy.AllowAnyHeader ||
requestContext.AccessControlRequestHeaders.IsSubsetOf(policy.Headers)
)
{
AddHeaderValues(result.AllowedHeaders, requestContext.AccessControlRequestHeaders);
}
else
{
result.ErrorMessages.Add(
String.Format(
CultureInfo.CurrentCulture,
SRResources.HeadersNotAllowed,
String.Join(",", requestContext.AccessControlRequestHeaders)
)
);
}
return(result.IsValid);
}
/// <summary>
/// Try to validate the requested method based on <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param>
/// <param name="policy">The <see cref="CorsPolicy"/>.</param>
/// <param name="result">The <see cref="CorsResult"/>.</param>
/// <returns><c>true</c> if the requested method is valid; otherwise, <c>false</c>. </returns>
/// <exception cref="System.ArgumentNullException">
/// requestContext
/// or
/// policy
/// or
/// result
/// </exception>
public virtual bool TryValidateMethod(
CorsRequestContext requestContext,
CorsPolicy policy,
CorsResult result
)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
if (result == null)
{
throw new ArgumentNullException("result");
}
if (
policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod)
)
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
else
{
result.ErrorMessages.Add(
String.Format(
CultureInfo.CurrentCulture,
SRResources.MethodNotAllowed,
requestContext.AccessControlRequestMethod
)
);
}
return(result.IsValid);
}
public virtual bool TryValidateHeaders(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
if (policy == null)
{
throw new ArgumentNullException("policy");
}
if (result == null)
{
throw new ArgumentNullException("result");
}
if (policy.AllowAnyHeader || requestContext.AccessControlRequestHeaders.IsSubsetOf(policy.Headers))
{
AddHeaderValues(result.AllowedHeaders, requestContext.AccessControlRequestHeaders);
}
else
{
result.ErrorMessages.Add(string.Format(CultureInfo.CurrentCulture, "The collection of headers '{0}' is not allowed.", new object[] { string.Join(",", requestContext.AccessControlRequestHeaders) }));
}
return(result.IsValid);
}
