public async Task Invoke_HasEndpointWithEnableMetadata_HasSignificantDisableCors_ReturnsNoContentForPreflightRequest() { // Arrange var corsService = Mock.Of <ICorsService>(); var policyProvider = Mock.Of <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; var middleware = new CorsMiddleware( c => { throw new Exception("Should not be called."); }, corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute(), new DisableCorsAttribute()), "Test endpoint")); httpContext.Request.Method = "OPTIONS"; httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" }); // Act await middleware.Invoke(httpContext, policyProvider); // Assert Assert.Equal(StatusCodes.Status204NoContent, httpContext.Response.StatusCode); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddCors(opts => { var corsMw = new CorsMiddleware(opts); corsMw.AddAllowAllOriginsPolicy(); }); services.AddMvc( setupAction => { setupAction.ReturnHttpNotAcceptable = true; setupAction.OutputFormatters.Add(new XmlDataContractSerializerOutputFormatter()); setupAction.InputFormatters.Add(new XmlDataContractSerializerInputFormatter()); }); services.AddScoped <IUsersService>(provider => new UsersService(new DateTimeProvider(), new UsersRepository())); services.AddScoped <IEventsService>(provider => new EventsService(new EventsRepository())); services.AddSingleton <IActionContextAccessor, ActionContextAccessor>(); services.AddScoped <IUrlHelper, UrlHelper>(implementationFactory => { var actionContext = implementationFactory.GetService <IActionContextAccessor>().ActionContext; return(new UrlHelper(actionContext)); }); // Register the Swagger generator, defining 1 or more Swagger documents services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "Example API", Version = "v1" }); c.OperationFilter <ExamplesOperationFilter>(); }); }
public async Task Invoke_HasEndpointWithMutlipleMetadata_SkipCorsBecauseOfMetadataOrder() { // Arrange var corsService = Mock.Of <ICorsService>(); var mockProvider = new Mock <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>())) .Returns(Task.FromResult <CorsPolicy>(null)) .Verifiable(); var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute("MetadataPolicyName"), new DisableCorsAttribute()), "Test endpoint")); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext, mockProvider.Object); // Assert mockProvider.Verify( o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Never); }
public async Task Uses_PolicyProvider_AsFallback() { // Arrange var corsService = Mock.Of <ICorsService>(); var mockProvider = new Mock <ICorsPolicyProvider>(); mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>())) .Returns(Task.FromResult <CorsPolicy>(null)) .Verifiable(); var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, mockProvider.Object, policyName: null); var httpContext = new DefaultHttpContext(); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext); // Assert mockProvider.Verify( o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Once); }
public async Task DoesNotSetHeaders_ForNoPolicy() { // Arrange var corsService = Mock.Of <ICorsService>(); var mockProvider = new Mock <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>())) .Returns(Task.FromResult <CorsPolicy>(null)) .Verifiable(); var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, loggerFactory, policyName: null); var httpContext = new DefaultHttpContext(); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext, mockProvider.Object); // Assert Assert.Equal(200, httpContext.Response.StatusCode); Assert.Empty(httpContext.Response.Headers); mockProvider.Verify( o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Once); }
public async Task Invoke_HasEndpointWithEnableMetadata_HasSignificantDisableCors_ExecutesNextMiddleware() { // Arrange var executed = false; var corsService = Mock.Of <ICorsService>(); var policyProvider = Mock.Of <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; var middleware = new CorsMiddleware( c => { executed = true; return(Task.CompletedTask); }, corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute(), new DisableCorsAttribute()), "Test endpoint")); httpContext.Request.Method = "GET"; httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" }); // Act await middleware.Invoke(httpContext, policyProvider); // Assert Assert.True(executed); Mock.Get(policyProvider).Verify(v => v.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Never()); Mock.Get(corsService).Verify(v => v.EvaluatePolicy(It.IsAny <HttpContext>(), It.IsAny <CorsPolicy>()), Times.Never()); }
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines) { pipelines.AfterRequest += (ctx) => { ctx = new CorsMiddleware().Process(ctx); ctx = new AddHeaderMiddleware().Process(ctx, "Content-Type", "application/json"); }; pipelines.OnError += (context, exception) => HandleException(context, exception); }
public CorsMiddleware CreateCorsMiddleware(RequestDelegate next, IOptions <HostCorsOptions> corsOptions) { CorsPolicy policy = _corsOptions.Value.GetPolicy(_corsOptions.Value.DefaultPolicyName); var corsService = new CorsService(_corsOptions); var middleware = new CorsMiddleware(next, corsService, policy, _loggerFactory); return(middleware); }
static void Main(string[] args) { HorseMvc mvc = new HorseMvc(); mvc.IsDevelopment = false; mvc.Init(services => { services.AddScoped <IScopedService, ScopedService>(); services.AddTransient <IFirstService, FirstService>(); services.AddTransient <ISecondService, SecondService>(); services.AddJwt(mvc, options => { options.Key = "Very_very_secret_key"; options.Issuer = "localhost"; options.Audience = "localhost"; options.Lifetime = TimeSpan.FromHours(1); options.ValidateAudience = false; options.ValidateIssuer = false; options.ValidateLifetime = true; }); mvc.Policies.Add(Policy.RequireRole("Admin", "Admin")); mvc.Policies.Add(Policy.RequireClaims("IT", "Database", "Cloud", "Source")); mvc.Policies.Add(Policy.Custom("Custom", (d, c) => true)); mvc.StatusCodeResults.Add(HttpStatusCode.Unauthorized, new JsonResult(new { Message = "Access denied" })); mvc.ErrorHandler = new MvcErrorHandler(); }); CorsMiddleware cors = new CorsMiddleware(); cors.AllowAll(); mvc.Use(app => { app.UseActionRoute("/test-action", request => new StringResult("Hello, Test Action!")); app.UseMiddleware(cors); app.UseMiddleware <TMid>(); app.UseFiles("/download", "/home/mehmet/files"); }); HorseServer server = new HorseServer(); var opt = HttpOptions.CreateDefault(); opt.HttpConnectionTimeMax = 0; server.UseMvc(mvc, opt); server.Run(4410); }
static void Main(string[] args) { using TwinoMvc mvc = new TwinoMvc(); mvc.IsDevelopment = false; mvc.Init(twino => { twino.Services.AddScoped <IScopedService, ScopedService>(); twino.Services.AddTransient <IFirstService, FirstService>(); twino.Services.AddTransient <ISecondService, SecondService>(); twino.AddJwt(options => { options.Key = "Very_very_secret_key"; options.Issuer = "localhost"; options.Audience = "localhost"; options.Lifetime = TimeSpan.FromHours(1); options.ValidateAudience = false; options.ValidateIssuer = false; options.ValidateLifetime = true; }); twino.Policies.Add(Policy.RequireRole("Admin", "Admin")); twino.Policies.Add(Policy.RequireClaims("IT", "Database", "Cloud", "Source")); twino.Policies.Add(Policy.Custom("Custom", (d, c) => true)); twino.Services.AddHttpClient(); twino.StatusCodeResults.Add(HttpStatusCode.Unauthorized, new JsonResult(new { Message = "Access denied" })); }); CorsMiddleware cors = new CorsMiddleware(); cors.AllowAll(); mvc.Use(app => { app.UseMiddleware(cors); app.UseMiddleware <TMid>(); app.UseFiles("/download", "/home/mehmet/files"); }); TwinoServer server = new TwinoServer(); var opt = HttpOptions.CreateDefault(); opt.HttpConnectionTimeMax = 0; server.UseMvc(mvc, opt); server.Start(441); server.BlockWhileRunning(); }
public async Task Invoke_WithCustomPolicyProviderThatReturnsAsynchronously_Works() { // Arrange var corsService = new CorsService(Options.Create(new CorsOptions()), NullLoggerFactory.Instance); var mockProvider = new Mock <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; var policy = new CorsPolicyBuilder() .WithOrigins(OriginUrl) .WithHeaders("AllowedHeader") .Build(); mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>())) .ReturnsAsync(policy, TimeSpan.FromMilliseconds(10)); var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.Request.Method = "OPTIONS"; httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { OriginUrl }); httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "PUT" }); // Act await middleware.Invoke(httpContext, mockProvider.Object); // Assert var response = httpContext.Response; Assert.Collection( response.Headers.OrderBy(o => o.Key), kvp => { Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key); Assert.Equal("AllowedHeader", Assert.Single(kvp.Value)); }, kvp => { Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); Assert.Equal(OriginUrl, Assert.Single(kvp.Value)); }); }
public async Task TestSkipsOnOptions(string method, bool shouldBeCalled) { var middleware = new CorsMiddleware(_loggerFactory); var context = new DefaultHttpContext(); var called = false; context.Request.Method = method; context.Response.Body = new MemoryStream(); await middleware.InvokeAsync(context, (ctx) => { called = true; return(Task.CompletedTask); }); Assert.Equal(shouldBeCalled, called); }
public async Task TestCorsHeadersAreSet() { var middleware = new CorsMiddleware(_loggerFactory); var context = new DefaultHttpContext(); context.Response.Body = new MemoryStream(); await middleware.InvokeAsync(context, (ctx) => { var headers = new string[] { "Authorization", "Content-Type", "Accept" }; Assert.Equal("*", GetFirstHeaderValue(ctx.Response.Headers, "Access-Control-Allow-Origin")); Assert.Equal(headers, GetHeaderValues(ctx.Response.Headers, "Access-Control-Allow-Headers")); Assert.Equal("POST", GetFirstHeaderValue(ctx.Response.Headers, "Access-Control-Allow-Methods")); return(Task.CompletedTask); }); }
public async Task Invoke_HasEndpointRequireCorsMetadata_MiddlewareHasPolicy_RunsCorsWithPolicyName() { // Arrange var defaultPolicy = new CorsPolicyBuilder().Build(); var metadataPolicy = new CorsPolicyBuilder().Build(); var mockCorsService = new Mock <ICorsService>(); var mockProvider = new Mock <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>())) .Returns(Task.FromResult <CorsPolicy>(null)) .Verifiable(); mockCorsService.Setup(o => o.EvaluatePolicy(It.IsAny <HttpContext>(), It.IsAny <CorsPolicy>())) .Returns(new CorsResult()) .Verifiable(); var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), mockCorsService.Object, defaultPolicy, loggerFactory); var httpContext = new DefaultHttpContext(); httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new CorsPolicyMetadata(metadataPolicy)), "Test endpoint")); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext, mockProvider.Object); // Assert mockProvider.Verify( o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Never); mockCorsService.Verify( o => o.EvaluatePolicy(It.IsAny <HttpContext>(), metadataPolicy), Times.Once); }
public async Task Invoke_WithoutOrigin_InvokeFlagSet() { // Arrange var corsService = Mock.Of <ICorsService>(); var mockProvider = Mock.Of <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute("MetadataPolicyName"), new DisableCorsAttribute()), "Test endpoint")); // Act await middleware.Invoke(httpContext, mockProvider); // Assert Assert.Contains(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareWithEndpointInvoked")); }
public async Task Invoke_WithoutEndpoint_InvokeFlagSet() { // Arrange var corsService = Mock.Of <ICorsService>(); var mockProvider = Mock.Of <ICorsPolicyProvider>(); var loggerFactory = NullLoggerFactory.Instance; var middleware = new CorsMiddleware( Mock.Of <RequestDelegate>(), corsService, loggerFactory, "DefaultPolicyName"); var httpContext = new DefaultHttpContext(); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext, mockProvider); // Assert Assert.DoesNotContain(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareWithEndpointInvoked")); }
public async Task DoesNotSetHeaders_ForNoPolicy() { // Arrange var corsService = Mock.Of<ICorsService>(); var mockProvider = new Mock<ICorsPolicyProvider>(); mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>())) .Returns(Task.FromResult<CorsPolicy>(null)) .Verifiable(); var middleware = new CorsMiddleware( Mock.Of<RequestDelegate>(), corsService, mockProvider.Object, policyName: null); var httpContext = new DefaultHttpContext(); httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); // Act await middleware.Invoke(httpContext); // Assert Assert.Equal(200, httpContext.Response.StatusCode); Assert.Empty(httpContext.Response.Headers); mockProvider.Verify( o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()), Times.Once); }
public JobHostCorsMiddleware(IOptions <HostCorsOptions> hostCorsOptions, ICorsMiddlewareFactory middlewareFactory) { _corsMiddleware = middlewareFactory.CreateCorsMiddleware(InvokeNext, hostCorsOptions); }