private ICorsPolicyProvider GetCorsPolicyProvider(HttpActionDescriptor actionDescriptor) { ICorsPolicyProvider policyProvider = null; if (actionDescriptor != null) { HttpControllerDescriptor controllerDescriptor = actionDescriptor.ControllerDescriptor; policyProvider = actionDescriptor .GetCustomAttributes <ICorsPolicyProvider>() .FirstOrDefault(); if (policyProvider == null && controllerDescriptor != null) { policyProvider = controllerDescriptor .GetCustomAttributes <ICorsPolicyProvider>() .FirstOrDefault(); } } if (policyProvider == null) { policyProvider = DefaultPolicyProvider; } return(policyProvider); }
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/percontrollerconfig" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider); string origin = Assert.Single(enableCorsAttribute.Origins); Assert.Equal("http://example.com", origin); }
/// <summary> /// Instantiates a new <see cref="CorsMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the pipeline.</param> /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param> /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param> /// <param name="policyName">An optional name of the policy to be fetched.</param> public CorsMiddleware( RequestDelegate next, ICorsService corsService, ICorsPolicyProvider policyProvider, string policyName) { if (next == null) { throw new ArgumentNullException(nameof(next)); } if (corsService == null) { throw new ArgumentNullException(nameof(corsService)); } if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } _next = next; _corsService = corsService; _corsPolicyProvider = policyProvider; _corsPolicyName = policyName; }
/// <summary> /// Instantiates a new <see cref="CorsMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the pipeline.</param> /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param> /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param> public CorsMiddleware( RequestDelegate next, ICorsService corsService, ICorsPolicyProvider policyProvider) : this(next, corsService, policyProvider, policyName : null) { }
public async Task Invoke(HttpContext context, ICorsService corsService, ICorsPolicyProvider policyProvider, IAllowedOriginsProvider allowedOriginsProvider) { if (context.Request.Headers.ContainsKey(CorsConstants.Origin)) { var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod]; var isPreflight = IsPreflight(context, accessControlRequestMethod); var corsPolicy = await GetPolicy(context, isPreflight, policyProvider, allowedOriginsProvider); if (corsPolicy != null) { var corsResult = corsService.EvaluatePolicy(context, corsPolicy); corsService.ApplyResult(corsResult, context.Response); if (isPreflight) { context.Response.StatusCode = StatusCodes.Status204NoContent; return; } } } await Next(context); }
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection() { // Arrange AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST"); HttpConfiguration config = new HttpConfiguration(); HttpControllerContext controllerContext = null; var actionSelector = new Mock <IHttpActionSelector>(); actionSelector.Setup(s => s.SelectAction(It.IsAny <HttpControllerContext>())) .Callback <HttpControllerContext>(context => { Assert.False(((SampleController)context.Controller).Disposed); controllerContext = context; }); config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); // Assert Assert.True(((SampleController)controllerContext.Controller).Disposed); }
/// <summary> /// Enables the support for CORS. /// </summary> /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param> /// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param> public static void EnableCors( this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider ) { EnableCors(httpConfiguration, defaultPolicyProvider, false); }
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider( string httpMethod, string path, Type expectedProviderType ) { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" + path ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.IsType(expectedProviderType, provider); }
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object; providerFactory.DefaultPolicyProvider = mockProvider; HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.Same(mockProvider, provider); }
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(); Func <string> action = new SampleController().Get; HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor { ControllerName = "Sample", ControllerType = typeof(SampleController) }; request.SetActionDescriptor( new ReflectedHttpActionDescriptor { MethodInfo = action.Method, ControllerDescriptor = controllerDescriptor } ); request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.NotNull(policyProvider); Assert.IsType <EnableCorsAttribute>(policyProvider); }
/// <summary> /// Instantiates a new <see cref="CorsMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the pipeline.</param> /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param> /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param> /// <param name="loggerFactory">An instance of <see cref="ILoggerFactory"/>.</param> /// <param name="policyName">An optional name of the policy to be fetched.</param> public CorsMiddleware( RequestDelegate next, ICorsService corsService, ICorsPolicyProvider policyProvider, ILoggerFactory loggerFactory, string policyName) { if (next == null) { throw new ArgumentNullException(nameof(next)); } if (corsService == null) { throw new ArgumentNullException(nameof(corsService)); } if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (loggerFactory == null) { throw new ArgumentNullException(nameof(loggerFactory)); } _next = next; CorsService = corsService; _corsPolicyProvider = policyProvider; _corsPolicyName = policyName; Logger = loggerFactory.CreateLogger <CorsMiddleware>(); }
public RouteValidator(ITransformBuilder transformBuilder, IAuthorizationPolicyProvider authorizationPolicyProvider, ICorsPolicyProvider corsPolicyProvider, ILogger <RouteValidator> logger) { _transformBuilder = transformBuilder ?? throw new ArgumentNullException(nameof(transformBuilder)); _authorizationPolicyProvider = authorizationPolicyProvider ?? throw new ArgumentNullException(nameof(authorizationPolicyProvider)); _corsPolicyProvider = corsPolicyProvider ?? throw new ArgumentNullException(nameof(corsPolicyProvider)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); }
public ICorsPolicyProvider GetCorsPolicyProvider(HttpRequestMessage request) { ICorsPolicyProvider policyProvider = null; _traceWriter.TraceBeginEnd( request, TraceCategories.CorsCategory, TraceLevel.Info, _innerPolicyProviderFactory.GetType().Name, MethodName, beginTrace: (tr) => { tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceCorsRequestContext, request.GetCorsRequestContext()); }, execute: () => { policyProvider = _innerPolicyProviderFactory.GetCorsPolicyProvider(request); }, endTrace: (tr) => { if (policyProvider != null) { tr.Message = String.Format(CultureInfo.CurrentCulture, SRResources.TraceEndPolicyProviderReturned, policyProvider); } else { tr.Message = SRResources.TraceEndNoPolicyProviderReturned; } }, errorTrace: null); if (policyProvider != null) { return(new CorsPolicyProviderTracer(policyProvider, _traceWriter)); } return(null); }
public CorsMiddleware( RequestDelegate next, ICorsService corsService, ICorsPolicyProvider policyProvider) : this(next, corsService, policyProvider, NullLoggerFactory.Instance, policyName : null) { }
private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolicyProvider) { var corsPolicy = _policy ?? await corsPolicyProvider.GetPolicyAsync(context, _corsPolicyName); if (corsPolicy == null) { Logger?.NoCorsPolicyFound(); await _next(context); return; } var corsResult = CorsService.EvaluatePolicy(context, corsPolicy); if (corsResult.IsPreflightRequest) { CorsService.ApplyResult(corsResult, context.Response); // Since there is a policy which was identified, // always respond to preflight requests. context.Response.StatusCode = StatusCodes.Status204NoContent; return; } else { context.Response.OnStarting(OnResponseStartingDelegate, Tuple.Create(this, context, corsResult)); await _next(context); } }
public CorsPolicyProviderTracer(ICorsPolicyProvider innerPolicyProvider, ITraceWriter traceWriter) { Contract.Assert(innerPolicyProvider != null); Contract.Assert(traceWriter != null); _innerPolicyProvider = innerPolicyProvider; _traceWriter = traceWriter; }
public CorsMiddleWare(RequestDelegate next, ICorsService service, ICorsPolicyProvider corsPolicyProvider, CorsPolicy policy, string corsPolicyName) { _next = next; _corsService = service; _corsPolicyProvider = corsPolicyProvider; _policy = policy; _corsPolicyName = corsPolicyName; }
/// <summary> /// Instantiates a new <see cref="CorsMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the pipeline.</param> /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param> /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param> /// <param name="loggerFactory">An instance of <see cref="ILoggerFactory"/>.</param> public CorsMiddleware( RequestDelegate next, ICorsService corsService, ICorsPolicyProvider policyProvider, ILoggerFactory loggerFactory) : this(next, corsService, policyProvider, loggerFactory, policyName : null) { }
public CorsMiddlewar(RequestDelegate next, ICorsService corsService, ICorsPolicyProvider corsPolicyProvider) { _next = next; _corsService = corsService; _corsPolicyProvider = corsPolicyProvider; }
/// <inheritdoc /> public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider) { if (!context.Request.Headers.ContainsKey(CorsConstants.Origin)) { return(_next(context)); } return(InvokeCore(context, corsPolicyProvider)); }
public CorsPolicyProvider( ILogger <CorsPolicyProvider> logger, Decorator <ICorsPolicyProvider> inner, IdentityServerOptions options, IHttpContextAccessor httpContext) { _logger = logger; _inner = inner.Instance; _options = options; _httpContext = httpContext; }
/// <summary> /// Instantiates a new <see cref="CorsMiddleware"/>. /// </summary> /// <param name="next">The next middleware in the pipeline.</param> /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param> /// <param name="policyProvider">A policy provider which can get an <see cref="CorsPolicy"/>.</param> /// <param name="policyName">An optional name of the policy to be fetched.</param> public CorsMiddleware( [NotNull] RequestDelegate next, [NotNull] ICorsService corsService, [NotNull] ICorsPolicyProvider policyProvider, string policyName) { _next = next; _corsService = corsService; _corsPolicyProvider = policyProvider; _corsPolicyName = policyName; }
public CorsPolicyProvider( ILogger <CorsPolicyProvider> logger, Decorator <ICorsPolicyProvider> inner, IdentityServerOptions options, ICorsPolicyService corsPolicyService) { _logger = logger; _inner = inner.Instance; _options = options; _corsPolicyService = corsPolicyService; }
/// <summary> /// Creates a new instance of CorsMiddleware. /// </summary> /// <param name="next"></param> /// <param name="options"></param> public CorsMiddleware(OwinMiddleware next, CorsOptions options) : base(next) { if (options == null) { throw new ArgumentNullException("options"); } _corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider(); _corsEngine = options.CorsEngine ?? new CorsEngine(); }
public async Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider) { if (!context.Request.Headers.ContainsKey(CorsConstants.Origin)) { await _next(context); } else { await InvokeCore(context, corsPolicyProvider); } }
private async Task <CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken) { CorsPolicy corsPolicy = null; ICorsPolicyProviderFactory corsPolicyProviderFactory = _httpConfiguration.GetCorsPolicyProviderFactory(); ICorsPolicyProvider corsPolicyProvider = corsPolicyProviderFactory.GetCorsPolicyProvider(request); if (corsPolicyProvider != null) { corsPolicy = await corsPolicyProvider.GetCorsPolicyAsync(request, cancellationToken); } return(corsPolicy); }
public ConfigValidator(ITransformBuilder transformBuilder, IAuthorizationPolicyProvider authorizationPolicyProvider, ICorsPolicyProvider corsPolicyProvider, IEnumerable <ISessionAffinityProvider> sessionAffinityProviders, IEnumerable <IAffinityFailurePolicy> affinityFailurePolicies) { _transformBuilder = transformBuilder ?? throw new ArgumentNullException(nameof(transformBuilder)); _authorizationPolicyProvider = authorizationPolicyProvider ?? throw new ArgumentNullException(nameof(authorizationPolicyProvider)); _corsPolicyProvider = corsPolicyProvider ?? throw new ArgumentNullException(nameof(corsPolicyProvider)); _sessionAffinityProviders = sessionAffinityProviders?.ToProviderDictionary() ?? throw new ArgumentNullException(nameof(sessionAffinityProviders)); _affinityFailurePolicies = affinityFailurePolicies?.ToPolicyDictionary() ?? throw new ArgumentNullException(nameof(affinityFailurePolicies)); }
public WebApiInstaller EnableCors(ICorsPolicyProvider policy = null) { if (policy != null) { _configuration.EnableCors(policy); } else { _configuration.EnableCors(); } return(this); }
/// <inheritdoc /> public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider) { // Flag to indicate to other systems, that CORS middleware was run for this request context.Items[CorsMiddlewareInvokedKey] = CorsMiddlewareInvokedValue; if (!context.Request.Headers.ContainsKey(CorsConstants.Origin)) { return(_next(context)); } return(InvokeCore(context, corsPolicyProvider)); }
/// <summary> /// Creates a new instance of CorsMiddleware. /// </summary> /// <param name="next"></param> /// <param name="options"></param> public CorsMiddleware(AppFunc next, CorsOptions options) { if (next == null) { throw new ArgumentNullException("next"); } if (options == null) { throw new ArgumentNullException("options"); } _next = next; _corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider(); _corsEngine = options.CorsEngine ?? new CorsEngine(); }
/// <summary> /// Enables the support for CORS. /// </summary> /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param> /// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param> /// <exception cref="System.ArgumentNullException">httpConfiguration</exception> public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider) { if (httpConfiguration == null) { throw new ArgumentNullException("httpConfiguration"); } if (defaultPolicyProvider != null) { AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory(); policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider; httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory); } AddCorsMessageHandler(httpConfiguration); }
/// <summary> /// Creates a new instance of <see cref="CorsAuthorizationFilter"/>. /// </summary> /// <param name="corsService">The <see cref="ICorsService"/>.</param> /// <param name="policyProvider">The <see cref="ICorsPolicyProvider"/>.</param> public CorsAuthorizationFilter(ICorsService corsService, ICorsPolicyProvider policyProvider) { _corsService = corsService; _corsPolicyProvider = policyProvider; }