private ICorsPolicyProvider GetCorsPolicyProvider(HttpActionDescriptor actionDescriptor)
{
ICorsPolicyProvider policyProvider = null;
if (actionDescriptor != null)
{
HttpControllerDescriptor controllerDescriptor =
actionDescriptor.ControllerDescriptor;
policyProvider = actionDescriptor
.GetCustomAttributes <ICorsPolicyProvider>()
.FirstOrDefault();
if (policyProvider == null && controllerDescriptor != null)
{
policyProvider = controllerDescriptor
.GetCustomAttributes <ICorsPolicyProvider>()
.FirstOrDefault();
}
}
if (policyProvider == null)
{
policyProvider = DefaultPolicyProvider;
}
return(policyProvider);
}
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/percontrollerconfig"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider);
string origin = Assert.Single(enableCorsAttribute.Origins);
Assert.Equal("http://example.com", origin);
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="policyName">An optional name of the policy to be fetched.</param>
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
string policyName)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (corsService == null)
{
throw new ArgumentNullException(nameof(corsService));
}
if (policyProvider == null)
{
throw new ArgumentNullException(nameof(policyProvider));
}
_next = next;
_corsService = corsService;
_corsPolicyProvider = policyProvider;
_corsPolicyName = policyName;
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider)
: this(next, corsService, policyProvider, policyName : null)
{
}
public async Task Invoke(HttpContext context,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
IAllowedOriginsProvider allowedOriginsProvider)
{
if (context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
var isPreflight = IsPreflight(context, accessControlRequestMethod);
var corsPolicy = await GetPolicy(context, isPreflight, policyProvider, allowedOriginsProvider);
if (corsPolicy != null)
{
var corsResult = corsService.EvaluatePolicy(context, corsPolicy);
corsService.ApplyResult(corsResult, context.Response);
if (isPreflight)
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
}
}
await Next(context);
}
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection()
{
// Arrange
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
HttpConfiguration config = new HttpConfiguration();
HttpControllerContext controllerContext = null;
var actionSelector = new Mock <IHttpActionSelector>();
actionSelector.Setup(s => s.SelectAction(It.IsAny <HttpControllerContext>()))
.Callback <HttpControllerContext>(context =>
{
Assert.False(((SampleController)context.Controller).Disposed);
controllerContext = context;
});
config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object);
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
// Assert
Assert.True(((SampleController)controllerContext.Controller).Disposed);
}
/// <summary>
/// Enables the support for CORS.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
public static void EnableCors(
this HttpConfiguration httpConfiguration,
ICorsPolicyProvider defaultPolicyProvider
)
{
EnableCors(httpConfiguration, defaultPolicyProvider, false);
}
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(
string httpMethod,
string path,
Type expectedProviderType
)
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample" + path
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod);
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.IsType(expectedProviderType, provider);
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="policyName">An optional name of the policy to be fetched.</param>
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
string policyName)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (corsService == null)
{
throw new ArgumentNullException(nameof(corsService));
}
if (policyProvider == null)
{
throw new ArgumentNullException(nameof(policyProvider));
}
_next = next;
_corsService = corsService;
_corsPolicyProvider = policyProvider;
_corsPolicyName = policyName;
}
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object;
providerFactory.DefaultPolicyProvider = mockProvider;
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.Same(mockProvider, provider);
}
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage();
Func <string> action = new SampleController().Get;
HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor
{
ControllerName = "Sample",
ControllerType = typeof(SampleController)
};
request.SetActionDescriptor(
new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method,
ControllerDescriptor = controllerDescriptor
}
);
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.NotNull(policyProvider);
Assert.IsType <EnableCorsAttribute>(policyProvider);
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="loggerFactory">An instance of <see cref="ILoggerFactory"/>.</param>
/// <param name="policyName">An optional name of the policy to be fetched.</param>
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
ILoggerFactory loggerFactory,
string policyName)
{
if (next == null)
{
throw new ArgumentNullException(nameof(next));
}
if (corsService == null)
{
throw new ArgumentNullException(nameof(corsService));
}
if (policyProvider == null)
{
throw new ArgumentNullException(nameof(policyProvider));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
_next = next;
CorsService = corsService;
_corsPolicyProvider = policyProvider;
_corsPolicyName = policyName;
Logger = loggerFactory.CreateLogger <CorsMiddleware>();
}
public RouteValidator(ITransformBuilder transformBuilder, IAuthorizationPolicyProvider authorizationPolicyProvider, ICorsPolicyProvider corsPolicyProvider, ILogger <RouteValidator> logger)
{
_transformBuilder = transformBuilder ?? throw new ArgumentNullException(nameof(transformBuilder));
_authorizationPolicyProvider = authorizationPolicyProvider ?? throw new ArgumentNullException(nameof(authorizationPolicyProvider));
_corsPolicyProvider = corsPolicyProvider ?? throw new ArgumentNullException(nameof(corsPolicyProvider));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
}
public ICorsPolicyProvider GetCorsPolicyProvider(HttpRequestMessage request)
{
ICorsPolicyProvider policyProvider = null;
_traceWriter.TraceBeginEnd(
request,
TraceCategories.CorsCategory,
TraceLevel.Info,
_innerPolicyProviderFactory.GetType().Name,
MethodName,
beginTrace: (tr) =>
{
tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceCorsRequestContext, request.GetCorsRequestContext());
},
execute: () => { policyProvider = _innerPolicyProviderFactory.GetCorsPolicyProvider(request); },
endTrace: (tr) =>
{
if (policyProvider != null)
{
tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceEndPolicyProviderReturned, policyProvider);
}
else
{
tr.Message = SRResources.TraceEndNoPolicyProviderReturned;
}
},
errorTrace: null);
if (policyProvider != null)
{
return(new CorsPolicyProviderTracer(policyProvider, _traceWriter));
}
return(null);
}
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider)
: this(next, corsService, policyProvider, NullLoggerFactory.Instance, policyName : null)
{
}
private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
{
var corsPolicy = _policy ?? await corsPolicyProvider.GetPolicyAsync(context, _corsPolicyName);
if (corsPolicy == null)
{
Logger?.NoCorsPolicyFound();
await _next(context);
return;
}
var corsResult = CorsService.EvaluatePolicy(context, corsPolicy);
if (corsResult.IsPreflightRequest)
{
CorsService.ApplyResult(corsResult, context.Response);
// Since there is a policy which was identified,
// always respond to preflight requests.
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
else
{
context.Response.OnStarting(OnResponseStartingDelegate, Tuple.Create(this, context, corsResult));
await _next(context);
}
}
public CorsPolicyProviderTracer(ICorsPolicyProvider innerPolicyProvider, ITraceWriter traceWriter)
{
Contract.Assert(innerPolicyProvider != null);
Contract.Assert(traceWriter != null);
_innerPolicyProvider = innerPolicyProvider;
_traceWriter = traceWriter;
}
public CorsPolicyProviderTracer(ICorsPolicyProvider innerPolicyProvider, ITraceWriter traceWriter)
{
Contract.Assert(innerPolicyProvider != null);
Contract.Assert(traceWriter != null);
_innerPolicyProvider = innerPolicyProvider;
_traceWriter = traceWriter;
}
public CorsMiddleWare(RequestDelegate next, ICorsService service, ICorsPolicyProvider corsPolicyProvider, CorsPolicy policy, string corsPolicyName)
{
_next = next;
_corsService = service;
_corsPolicyProvider = corsPolicyProvider;
_policy = policy;
_corsPolicyName = corsPolicyName;
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="loggerFactory">An instance of <see cref="ILoggerFactory"/>.</param>
public CorsMiddleware(
RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
ILoggerFactory loggerFactory)
: this(next, corsService, policyProvider, loggerFactory, policyName : null)
{
}
public CorsMiddlewar(RequestDelegate next,
ICorsService corsService,
ICorsPolicyProvider corsPolicyProvider)
{
_next = next;
_corsService = corsService;
_corsPolicyProvider = corsPolicyProvider;
}
/// <inheritdoc />
public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
{
if (!context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
return(_next(context));
}
return(InvokeCore(context, corsPolicyProvider));
}
public CorsPolicyProvider(
ILogger <CorsPolicyProvider> logger,
Decorator <ICorsPolicyProvider> inner,
IdentityServerOptions options,
IHttpContextAccessor httpContext)
{
_logger = logger;
_inner = inner.Instance;
_options = options;
_httpContext = httpContext;
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="policyName">An optional name of the policy to be fetched.</param>
public CorsMiddleware(
[NotNull] RequestDelegate next,
[NotNull] ICorsService corsService,
[NotNull] ICorsPolicyProvider policyProvider,
string policyName)
{
_next = next;
_corsService = corsService;
_corsPolicyProvider = policyProvider;
_corsPolicyName = policyName;
}
public CorsPolicyProvider(
ILogger <CorsPolicyProvider> logger,
Decorator <ICorsPolicyProvider> inner,
IdentityServerOptions options,
ICorsPolicyService corsPolicyService)
{
_logger = logger;
_inner = inner.Instance;
_options = options;
_corsPolicyService = corsPolicyService;
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(OwinMiddleware next, CorsOptions options)
: base(next)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Instantiates a new <see cref="CorsMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the pipeline.</param>
/// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param>
/// <param name="policyName">An optional name of the policy to be fetched.</param>
public CorsMiddleware(
[NotNull] RequestDelegate next,
[NotNull] ICorsService corsService,
[NotNull] ICorsPolicyProvider policyProvider,
string policyName)
{
_next = next;
_corsService = corsService;
_corsPolicyProvider = policyProvider;
_corsPolicyName = policyName;
}
public async Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
{
if (!context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
await _next(context);
}
else
{
await InvokeCore(context, corsPolicyProvider);
}
}
private async Task <CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
CorsPolicy corsPolicy = null;
ICorsPolicyProviderFactory corsPolicyProviderFactory = _httpConfiguration.GetCorsPolicyProviderFactory();
ICorsPolicyProvider corsPolicyProvider = corsPolicyProviderFactory.GetCorsPolicyProvider(request);
if (corsPolicyProvider != null)
{
corsPolicy = await corsPolicyProvider.GetCorsPolicyAsync(request, cancellationToken);
}
return(corsPolicy);
}
public ConfigValidator(ITransformBuilder transformBuilder,
IAuthorizationPolicyProvider authorizationPolicyProvider,
ICorsPolicyProvider corsPolicyProvider,
IEnumerable <ISessionAffinityProvider> sessionAffinityProviders,
IEnumerable <IAffinityFailurePolicy> affinityFailurePolicies)
{
_transformBuilder = transformBuilder ?? throw new ArgumentNullException(nameof(transformBuilder));
_authorizationPolicyProvider = authorizationPolicyProvider ?? throw new ArgumentNullException(nameof(authorizationPolicyProvider));
_corsPolicyProvider = corsPolicyProvider ?? throw new ArgumentNullException(nameof(corsPolicyProvider));
_sessionAffinityProviders = sessionAffinityProviders?.ToProviderDictionary() ?? throw new ArgumentNullException(nameof(sessionAffinityProviders));
_affinityFailurePolicies = affinityFailurePolicies?.ToPolicyDictionary() ?? throw new ArgumentNullException(nameof(affinityFailurePolicies));
}
public WebApiInstaller EnableCors(ICorsPolicyProvider policy = null)
{
if (policy != null)
{
_configuration.EnableCors(policy);
}
else
{
_configuration.EnableCors();
}
return(this);
}
/// <inheritdoc />
public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
{
// Flag to indicate to other systems, that CORS middleware was run for this request
context.Items[CorsMiddlewareInvokedKey] = CorsMiddlewareInvokedValue;
if (!context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
return(_next(context));
}
return(InvokeCore(context, corsPolicyProvider));
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Enables the support for CORS.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
/// <exception cref="System.ArgumentNullException">httpConfiguration</exception>
public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider)
{
if (httpConfiguration == null)
{
throw new ArgumentNullException("httpConfiguration");
}
if (defaultPolicyProvider != null)
{
AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory);
}
AddCorsMessageHandler(httpConfiguration);
}
/// <summary>
/// Creates a new instance of <see cref="CorsAuthorizationFilter"/>.
/// </summary>
/// <param name="corsService">The <see cref="ICorsService"/>.</param>
/// <param name="policyProvider">The <see cref="ICorsPolicyProvider"/>.</param>
public CorsAuthorizationFilter(ICorsService corsService, ICorsPolicyProvider policyProvider)
{
_corsService = corsService;
_corsPolicyProvider = policyProvider;
}