Exemple #1
 /// <summary>
 /// Instantiates a new <see cref="CorsMiddleware"/>.
 /// </summary>
 /// <param name="next">The next middleware in the pipeline.</param>
 /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
 /// <param name="policy">An instance of the <see cref="CorsPolicy"/> which can be applied.</param>
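 public CorsMiddleware(
     [NotNull] RequestDelegate next,
     [NotNull] ICorsService corsService,
     [NotNull] CorsPolicy policy)
 {
     // [NotNull] states the contract, but nothing visible in this snippet enforces
     // it at run time (NOTE(review): confirm whether the build injects checks).
     // Validate explicitly so a missing policy fails here, at construction, instead
     // of surfacing later as a NullReferenceException while a request is evaluated.
     if (next == null)
     {
         throw new System.ArgumentNullException(nameof(next));
     }

     if (corsService == null)
     {
         throw new System.ArgumentNullException(nameof(corsService));
     }

     if (policy == null)
     {
         throw new System.ArgumentNullException(nameof(policy));
     }

     _next = next;
     _corsService = corsService;
     _policy = policy;
 }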
Exemple #2
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();

            services.AddMvc();

            // Registers one named policy, "policy1". Its origin allow-list holds a
            // single explicit entry; no headers, methods or credentials setting are
            // configured here, so those stay at whatever CorsPolicy defaults to.
            services.ConfigureCors(corsOptions =>
            {
                var localhostPolicy = new CorsPolicy
                {
                    // Plain-http localhost origin: a development value.
                    Origins = { "http://localhost:5001" }
                };

                corsOptions.AddPolicy("policy1", localhostPolicy);
            });
        }
Exemple #3
        /// <summary>
        /// Adds a new policy.
        /// </summary>
        /// <param name="name">The name of the policy.</param>
        /// <param name="policy">The <see cref="CorsPolicy"/> policy to be added.</param>
        public void AddPolicy(string name, CorsPolicy policy)
        {
            // Find the first missing argument, checking name before policy so the
            // reported parameter is the same one the caller got wrong first.
            string missingArgument = null;
            if (name == null)
            {
                missingArgument = nameof(name);
            }
            else if (policy == null)
            {
                missingArgument = nameof(policy);
            }

            if (missingArgument != null)
            {
                throw new ArgumentNullException(missingArgument);
            }

            // Indexer assignment: assuming PolicyMap is a dictionary, registering a
            // name twice silently replaces the earlier policy rather than failing.
            PolicyMap[name] = policy;
        }
Exemple #4
        // This method gets called by a runtime.
        // Use this method to add services to the container
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            // Uncomment the following line to add Web API services which makes it easier to port Web API 2 controllers.
            // You will also need to add the Microsoft.AspNet.Mvc.WebApiCompatShim package to the 'dependencies' section of project.json.
            // services.AddWebApiConventions();
            services.AddCors();

            // NOTE(review): this policy allows every header, every method and every
            // origin, and also enables credentials. Browsers refuse a literal "*"
            // origin on credentialed responses, so a CORS layer that honours this
            // combination has to echo the caller's Origin back, which means any
            // website can read authenticated responses from this application.
            // Presumably "*" in Origins is what CorsPolicy treats as "any origin";
            // confirm. Prefer an explicit list of trusted origins whenever
            // SupportsCredentials is true, or leave credentials off for a wildcard.
            var openPolicy = new Microsoft.AspNet.Cors.Core.CorsPolicy
            {
                Headers = { "*" },
                Methods = { "*" },
                Origins = { "*" },
                SupportsCredentials = true
            };

            services.ConfigureCors(corsOptions =>
            {
                corsOptions.AddPolicy("mypolicy", openPolicy);
            });
        }
        // This method gets called by a runtime.
        // Use this method to add services to the container
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();

            // Uncomment the following line to add Web API services which makes it easier to port Web API 2 controllers.
            // You will also need to add the Microsoft.AspNet.Mvc.WebApiCompatShim package to the 'dependencies' section of project.json.
            // services.AddWebApiConventions();
            services.AddCors();

            var permissivePolicy = new Microsoft.AspNet.Cors.Core.CorsPolicy();

            // Wildcards for request headers, methods and origins.
            permissivePolicy.Headers.Add("*");
            permissivePolicy.Methods.Add("*");
            permissivePolicy.Origins.Add("*");

            // NOTE(review): credentials together with a wildcard origin removes the
            // protection CORS is meant to give. Cookies and other ambient credentials
            // would be accepted from pages on any site, and the responses would be
            // readable by them. Restrict Origins to the specific front-end origins
            // that need credentialed access, or set this to false.
            permissivePolicy.SupportsCredentials = true;

            services.ConfigureCors(corsOptions =>
            {
                corsOptions.AddPolicy("mypolicy", permissivePolicy);
            });
        }
        public async Task PreFlight_MatchesPolicy_SetsResponseHeaders()
        {
            // Arrange: a policy that lists one origin, one method, one request header
            // and one exposed header, registered under the name the pipeline uses.
            const string allowedOrigin = "http://localhost:5001";
            const string allowedMethod = "PUT";

            var corsPolicy = new CorsPolicy();
            corsPolicy.Origins.Add(allowedOrigin);
            corsPolicy.Methods.Add(allowedMethod);
            corsPolicy.Headers.Add("Header1");
            corsPolicy.ExposedHeaders.Add("AllowedHeader");

            using (var testServer = TestServer.Create(
                app =>
                {
                    app.UseCors("customPolicy");
                    app.Run(async httpContext =>
                    {
                        await httpContext.Response.WriteAsync("Cross origin response");
                    });
                },
                services =>
                {
                    services.AddCors(corsOptions =>
                    {
                        corsOptions.AddPolicy("customPolicy", corsPolicy);
                    });
                }))
            {
                // Act: send a preflight carrying Origin and the requested method only;
                // no Access-Control-Request-Headers value is sent.
                var preflightResponse = await testServer.CreateRequest("/")
                    .AddHeader(CorsConstants.Origin, allowedOrigin)
                    .AddHeader(CorsConstants.AccessControlRequestMethod, allowedMethod)
                    .SendAsync(CorsConstants.PreflightHttpMethod);

                // Assert: exactly two response headers are expected, the echoed origin
                // and the requested method. The policy's "Header1" and "AllowedHeader"
                // entries must not appear on this response.
                preflightResponse.EnsureSuccessStatusCode();
                Assert.Equal(2, preflightResponse.Headers.Count());

                var returnedOrigin = preflightResponse.Headers
                    .GetValues(CorsConstants.AccessControlAllowOrigin)
                    .FirstOrDefault();
                Assert.Equal("http://localhost:5001", returnedOrigin);

                var returnedMethod = preflightResponse.Headers
                    .GetValues(CorsConstants.AccessControlAllowMethods)
                    .FirstOrDefault();
                Assert.Equal("PUT", returnedMethod);
            }
        }
Exemple #7
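        /// <summary>
        /// Checks a preflight request against <paramref name="policy"/> and fills
        /// <paramref name="result"/> only when the origin, the requested method and the
        /// requested headers are all permitted. If any check fails the method returns
        /// early and leaves <paramref name="result"/> as it was passed in.
        /// </summary>
        /// <param name="context">The request whose CORS headers are read.</param>
        /// <param name="policy">The policy the request is evaluated against.</param>
        /// <param name="result">Receives the allowed origin, method, headers, credentials flag and max age.</param>
        public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy policy, CorsResult result)
        {
            var origin = context.Request.Headers.Get(CorsConstants.Origin);

            // No Origin header, or an origin the policy does not permit: nothing is granted.
            if (origin == null)
            {
                return;
            }

            if (!policy.AllowAnyOrigin && !policy.Origins.Contains(origin))
            {
                return;
            }

            var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
            if (accessControlRequestMethod == null)
            {
                return;
            }

            var requestHeaders =
                context.Request.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders);

            // HTTP methods are case-sensitive, so the method is matched as given.
            if (!policy.AllowAnyMethod && !policy.Methods.Contains(accessControlRequestMethod))
            {
                return;
            }

            // Header field names are case-insensitive in HTTP, and clients commonly send
            // Access-Control-Request-Headers in lower case. An ordinal comparison would
            // reject "content-type" against a policy entry of "Content-Type", so the
            // names are compared ignoring case. This matches the same header, not more.
            if (!policy.AllowAnyHeader &&
                requestHeaders != null &&
                requestHeaders.Any(header => !policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
            {
                return;
            }

            // Every check passed: record what this request is allowed to do.
            AddOriginToResult(origin, policy, result);
            result.SupportsCredentials = policy.SupportsCredentials;
            result.PreflightMaxAge = policy.PreflightMaxAge;
            result.AllowedMethods.Add(accessControlRequestMethod);
            AddHeaderValues(result.AllowedHeaders, requestHeaders);
        }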
Exemple #8
        /// <summary>
        /// Instantiates a new <see cref="CorsMiddleware"/>.
        /// </summary>
        /// <param name="next">The next middleware in the pipeline.</param>
        /// <param name="corsService">An instance of <see cref="ICorsService"/>.</param>
        /// <param name="policy">An instance of the <see cref="CorsPolicy"/> which can be applied.</param>
        public CorsMiddleware(
           RequestDelegate next,
           ICorsService corsService,
           CorsPolicy policy)
        {
            // Pick the first null dependency in declaration order; a middleware built
            // without its policy or service must fail here rather than at request time.
            string missingArgument = null;
            if (next == null)
            {
                missingArgument = nameof(next);
            }
            else if (corsService == null)
            {
                missingArgument = nameof(corsService);
            }
            else if (policy == null)
            {
                missingArgument = nameof(policy);
            }

            if (missingArgument != null)
            {
                throw new ArgumentNullException(missingArgument);
            }

            _policy = policy;
            _corsService = corsService;
            _next = next;
        }
Exemple #9
 // Decides which origin value the response will advertise for this request.
 // Leaves result.AllowedOrigin untouched when the policy neither allows any
 // origin nor lists the request's origin.
 private void AddOriginToResult(string origin, CorsPolicy policy, CorsResult result)
 {
     if (!policy.AllowAnyOrigin)
     {
         // Explicit allow-list: echo the origin only if it is listed.
         // NOTE(review): this branch also produces an origin-specific response but
         // does not set VaryByOrigin; confirm a Vary: Origin header is emitted
         // elsewhere if responses can be stored by shared caches.
         if (policy.Origins.Contains(origin))
         {
             result.AllowedOrigin = origin;
         }

         return;
     }

     if (!policy.SupportsCredentials)
     {
         // Any origin, no credentials: the wildcard value is sufficient.
         result.AllowedOrigin = CorsConstants.AnyOrigin;
         return;
     }

     // Any origin WITH credentials: the request's own origin is echoed back and the
     // result is marked as varying by origin. In effect every site is trusted with
     // credentialed access, so policies should not combine the two settings unless
     // that is really intended.
     result.AllowedOrigin = origin;
     result.VaryByOrigin = true;
 }
Exemple #10
        /// <summary>
        /// Evaluates a non-preflight request: when the request's origin is permitted by
        /// <paramref name="policy"/>, records the allowed origin, the credentials flag and
        /// the exposed headers on <paramref name="result"/>; otherwise changes nothing.
        /// </summary>
        public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
        {
            var requestOrigin = context.Request.Headers.Get(CorsConstants.Origin);

            // Without an Origin header there is nothing to evaluate.
            if (requestOrigin == null)
            {
                return;
            }

            // The allow-list is consulted only when the policy is not open to any origin.
            var originPermitted = policy.AllowAnyOrigin || policy.Origins.Contains(requestOrigin);
            if (!originPermitted)
            {
                return;
            }

            AddOriginToResult(requestOrigin, policy, result);
            result.SupportsCredentials = policy.SupportsCredentials;
            AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders);
        }
Exemple #11
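        /// <summary>
        /// Evaluates a CORS preflight request. <paramref name="result"/> is populated only
        /// when the request's origin, requested method and requested headers all satisfy
        /// <paramref name="policy"/>; on the first failed check the method returns without
        /// modifying <paramref name="result"/>.
        /// </summary>
        /// <param name="context">The request being evaluated.</param>
        /// <param name="policy">The policy that decides what is allowed.</param>
        /// <param name="result">The result object to populate.</param>
        public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy policy, CorsResult result)
        {
            var requestOrigin = context.Request.Headers.Get(CorsConstants.Origin);
            var originAllowed = requestOrigin != null &&
                (policy.AllowAnyOrigin || policy.Origins.Contains(requestOrigin));
            if (!originAllowed)
            {
                return;
            }

            var requestedMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
            if (requestedMethod == null)
            {
                return;
            }

            var requestedHeaders =
                context.Request.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders);

            var methodAllowed = policy.AllowAnyMethod || policy.Methods.Contains(requestedMethod);
            if (!methodAllowed)
            {
                return;
            }

            // Header names are matched ignoring case: HTTP field names are
            // case-insensitive and clients commonly lower-case the values they list in
            // Access-Control-Request-Headers, so an ordinal match would wrongly refuse
            // a header the policy does list (for example "header1" vs "Header1").
            if (!policy.AllowAnyHeader && requestedHeaders != null)
            {
                var everyHeaderListed = requestedHeaders.All(
                    header => policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase));
                if (!everyHeaderListed)
                {
                    return;
                }
            }

            // All checks passed; only now is anything written to the result.
            AddOriginToResult(requestOrigin, policy, result);
            result.SupportsCredentials = policy.SupportsCredentials;
            result.PreflightMaxAge = policy.PreflightMaxAge;
            result.AllowedMethods.Add(requestedMethod);
            AddHeaderValues(result.AllowedHeaders, requestedHeaders);
        }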
Exemple #12
 /// <summary>
 /// Creates a new instance of the <see cref="CorsPolicyBuilder"/>.
 /// </summary>
 /// <param name="policy">The policy which will be used to initialize the builder.</param>
 public CorsPolicyBuilder(CorsPolicy policy)
 {
     // All initialisation is delegated to Combine; its returned builder reference
     // is not needed here and is discarded.
     this.Combine(policy);
 }
Exemple #13
        /// <summary>
        /// Combines the given <paramref name="policy"/> to the existing properties in the builder.
        /// </summary>
        /// <param name="policy">The policy which needs to be combined.</param>
        /// <returns>The current policy builder</returns>
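        private CorsPolicyBuilder Combine(CorsPolicy policy)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            WithOrigins(policy.Origins.ToArray());
            WithHeaders(policy.Headers.ToArray());
            WithExposedHeaders(policy.ExposedHeaders.ToArray());
            WithMethods(policy.Methods.ToArray());

            // PreflightMaxAge is read through .Value, so it is an optional value.
            // Reading .Value when it is unset throws, which would make the builder
            // unusable with a policy that never configured a max age. Copy it only
            // when present and otherwise keep the builder's current setting.
            var preflightMaxAge = policy.PreflightMaxAge;
            if (preflightMaxAge != null)
            {
                SetPreflightMaxAge(preflightMaxAge.Value);
            }

            // The credentials flag is copied in both directions so the builder always
            // ends up matching the supplied policy, whatever state it had before.
            if (policy.SupportsCredentials)
            {
                AllowCredentials();
            }
            else
            {
                DisallowCredentials();
            }

            return this;
        }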
Exemple #14
 /// <summary>
 /// Adds a new policy.
 /// </summary>
 /// <param name="name">The name of the policy.</param>
 /// <param name="policy">The <see cref="CorsPolicy"/> policy to be added.</param>
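 public void AddPolicy([NotNull] string name, [NotNull] CorsPolicy policy)
 {
     // [NotNull] only declares the contract as far as this snippet shows
     // (NOTE(review): confirm whether checks are injected at build time). Without
     // a guard a null policy would be stored under the name and only fail later,
     // when a request is evaluated against it.
     if (name == null)
     {
         throw new System.ArgumentNullException(nameof(name));
     }

     if (policy == null)
     {
         throw new System.ArgumentNullException(nameof(policy));
     }

     // Indexer assignment: assuming PolicyMap is a dictionary, an existing policy
     // with the same name is replaced without any error.
     PolicyMap[name] = policy;
 }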
Exemple #15
        /// <inheritdoc />
        public CorsResult EvaluatePolicy(HttpContext context, CorsPolicy policy)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            // A request is treated as a preflight only when BOTH hold: the HTTP method
            // equals the preflight method (ordinal, case-sensitive comparison) and an
            // Access-Control-Request-Method header is present and non-empty. Anything
            // else, including a preflight-method request without that header, is
            // evaluated as an ordinary request.
            var requestedMethodHeader = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
            var usesPreflightMethod = string.Equals(
                context.Request.Method,
                CorsConstants.PreflightHttpMethod,
                StringComparison.Ordinal);
            var isPreflight = usesPreflightMethod && !StringValues.IsNullOrEmpty(requestedMethodHeader);

            // The evaluators fill this in; it stays empty when the policy denies the request.
            var evaluation = new CorsResult();
            if (isPreflight)
            {
                EvaluatePreflightRequest(context, policy, evaluation);
            }
            else
            {
                EvaluateRequest(context, policy, evaluation);
            }

            return evaluation;
        }