Esempio n. 1
0
        public CorsPolicy Build()
        {
            CorsPolicyBuilder policy = new CorsPolicyBuilder();

            ApplyAlls();

            var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (origins.Any())
            {
                if (origins.First() == "*")
                {
                    policy.AllowAnyOrigin();
                }
                else
                {
                    policy.WithOrigins(origins);
                }
                if (AllowCredentials && origins.First() != "*")
                {
                    policy.AllowCredentials();
                }
                else
                {
                    policy.DisallowCredentials();
                }
            }

            var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (methods.Any())
            {
                if (methods.First() == "*")
                {
                    policy.AllowAnyMethod();
                }
                else
                {
                    policy.WithMethods(methods);
                }
            }

            var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (headers.Any())
            {
                if (headers.First() == "*")
                {
                    policy.AllowAnyHeader();
                }
                else
                {
                    policy.WithHeaders(headers);
                }
            }

            policy.SetIsOriginAllowedToAllowWildcardSubdomains();

            return(policy.Build());
        }
Esempio n. 2
0
        public static void SetupCors(this IServiceCollection services, IConfiguration configuration)
        {
            if (!configuration.GetValue <bool>("CorsEnabled"))
            {
                return;
            }

            var corsPolicies = configuration.GetSection("CorsPolicies");

            if (corsPolicies.GetChildren().All(section => section.Key != KEYS_POLICY_NAME))
            {
                services.AddCors(options => options.AddPolicy(KEYS_POLICY_NAME,
                                                              builder => builder
                                                              .AllowCredentials()
                                                              .AllowAnyHeader()
                                                              .AllowAnyMethod()
                                                              .AllowAnyOrigin()
                                                              ));
            }

            foreach (var policyConfiguration in corsPolicies.GetChildren())
            {
                var headers        = policyConfiguration.GetSection("Headers").Value?.Split(',');
                var methods        = policyConfiguration.GetSection("Methods").Value?.Split(',');
                var origins        = policyConfiguration.GetSection("Origins").Value?.Split(',');
                var exposedHeaders = policyConfiguration.GetSection("ExposedHeaders").Value?.Split(',');

                if (methods == null || origins == null)
                {
                    throw new InvalidOperationException(
                              $"Missing configuration fields for {policyConfiguration.Key}, please specify Headers, Methods, Origins and ExposedHeaders");
                }

                var policyBuilder = new CorsPolicyBuilder(origins);
                policyBuilder
                .WithHeaders(headers ?? new string[] { })
                .WithMethods(methods)
                .WithExposedHeaders(exposedHeaders ?? new string[] { });

                if (policyConfiguration.GetValue <bool>("AllowCredentials"))
                {
                    policyBuilder.AllowCredentials();
                }
                else
                {
                    policyBuilder.DisallowCredentials();
                }

                var maxPreflightAge = policyConfiguration.GetValue <double>("MaxPreflightAge");
                if (maxPreflightAge != 0)
                {
                    policyBuilder.SetPreflightMaxAge(TimeSpan.FromSeconds(maxPreflightAge));
                }

                services.AddCors(options => options.AddPolicy(policyConfiguration.Key, policyBuilder.Build()));
            }
        }
Esempio n. 3
0
 internal static void AddCORS(CorsPolicyBuilder builder, Configuration configData)
 {
     if (!string.IsNullOrEmpty(configData.AllowedOrigins))
     {
         if (configData.AllowedOrigins == "*")
         {
             builder.AllowAnyOrigin();
         }
         else
         {
             var allowedOrigins = configData.AllowedOrigins.Split(",", StringSplitOptions.RemoveEmptyEntries);
             builder.WithOrigins(allowedOrigins);
         }
     }
     if (!string.IsNullOrEmpty(configData.AllowedMethods))
     {
         if (configData.AllowedMethods == "*")
         {
             builder.AllowAnyMethod();
         }
         else
         {
             var allowedMethods = configData.AllowedMethods.Split(",", StringSplitOptions.RemoveEmptyEntries);
             builder.WithMethods(allowedMethods);
         }
     }
     if (!string.IsNullOrEmpty(configData.AllowedHeaders))
     {
         if (configData.AllowedHeaders == "*")
         {
             builder.AllowAnyHeader();
         }
         else
         {
             var allowedHeaders = configData.AllowedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries);
             builder.WithHeaders(allowedHeaders);
         }
     }
     if (!string.IsNullOrEmpty(configData.AllowedExposedHeaders))
     {
         var allowedExposedHeaders = configData.AllowedExposedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries);
         if (allowedExposedHeaders.Any())
         {
             builder.WithExposedHeaders(allowedExposedHeaders);
         }
     }
     if (configData.IsAllowedCredentials && configData.AllowedOrigins != "*")
     {
         builder.AllowCredentials();
     }
     else
     {
         builder.DisallowCredentials();
     }
 }
Esempio n. 4
0
    public void DisallowCredential_SetsSupportsCredentials_ToFalse()
    {
        // Arrange
        var builder = new CorsPolicyBuilder();

        // Act
        builder.DisallowCredentials();

        // Assert
        var corsPolicy = builder.Build();

        Assert.False(corsPolicy.SupportsCredentials);
    }
Esempio n. 5
0
        public static void AddApiConfig(this IServiceCollection services, IConfiguration configuration)
        {
            var corsBuilder = new CorsPolicyBuilder();

            corsBuilder.AllowAnyHeader();
            corsBuilder.AllowAnyMethod();
            corsBuilder.AllowAnyOrigin();
            corsBuilder.DisallowCredentials();

            services.AddCors(options =>
            {
                options.AddPolicy("AllowAll", corsBuilder.Build());
            });

            services.AddControllers();
        }
Esempio n. 6
0
        public CorsPolicy Build()
        {
            CorsPolicyBuilder policy = new CorsPolicyBuilder();

            if (this.AllowAnyOrigin)
            {
                policy.AllowAnyOrigin();
            }
            else
            {
                policy.WithOrigins(this.Origins);
            }

            if (this.AllowAnyHeader)
            {
                policy.AllowAnyHeader();
            }
            else
            {
                policy.WithHeaders(this.Headers);
            }

            if (this.AllowAnyMethod)
            {
                policy.AllowAnyMethod();
            }
            else
            {
                policy.WithMethods(this.Methods);
            }

            if (this.SupportsCredentials)
            {
                policy.AllowCredentials();
            }
            else
            {
                policy.DisallowCredentials();
            }

            policy.WithExposedHeaders("content-disposition");

            return(policy.Build());
        }
Esempio n. 7
0
        public CorsPolicy Build()
        {
            var policy = new CorsPolicyBuilder();

            if (this.AllowAnyOrigin)
            {
                policy.AllowAnyOrigin();
            }
            else
            {
                policy.WithOrigins(this.Origins);
            }

            if (this.AllowAnyHeader)
            {
                policy.AllowAnyHeader();
            }
            else
            {
                policy.WithHeaders(this.Headers);
            }

            if (this.AllowAnyMethod)
            {
                policy.AllowAnyMethod();
            }
            else
            {
                policy.WithMethods(this.Methods);
            }

            if (this.SupportsCredentials)
            {
                policy.AllowCredentials();
            }
            else
            {
                policy.DisallowCredentials();
            }

            return(policy.Build());
        }
Esempio n. 8
0
        private static void AddPolicy(CorsPolicyBuilder policyBuilder, CorsPolicyConfiguration policy)
        {
            if (policy.Origins.Length == 0)
            {
                throw new System.ArgumentException();
            }
            policyBuilder.WithOrigins(policy.Origins);

            // Configure methods
            if (policy.Methods.Length == 0)
            {
                policyBuilder.AllowAnyMethod();
            }
            else
            {
                policyBuilder.WithMethods(policy.Methods);
            }

            // Configure headers
            if (policy.Headers.Length == 0)
            {
                policyBuilder.AllowAnyHeader();
            }
            else
            {
                policyBuilder.WithHeaders(policy.Headers);
            }

            //Configure credentials
            if (policy.AllowCredentials)
            {
                policyBuilder.AllowCredentials();
            }
            else
            {
                policyBuilder.DisallowCredentials();
            }
        }
Esempio n. 9
0
        public CorsPolicy Build()
        {
            CorsPolicyBuilder policy = new CorsPolicyBuilder();

            if (AllowAnyOrigin)
            {
                policy.AllowAnyOrigin();
            }
            else
            {
                policy.WithOrigins(Origins);
            }
            if (AllowAnyMethod)
            {
                policy.AllowAnyMethod();
            }
            else
            {
                policy.WithMethods(Origins);
            }
            if (AllowAnyHeader)
            {
                policy.AllowAnyHeader();
            }
            else
            {
                policy.WithHeaders(Origins);
            }
            if (AllowCredentials && Origins?.Length > 0)
            {
                policy.AllowCredentials();
            }
            else
            {
                policy.DisallowCredentials();
            }
            return(policy.Build());
        }
Esempio n. 10
0
        public CorsPolicy Build()
        {
            CorsPolicyBuilder policy = new CorsPolicyBuilder();

            if (Origins.IsEmpty())
            {
                policy.AllowAnyOrigin();
            }
            else
            {
                policy.WithOrigins(Origins);
            }
            if (Methods.IsEmpty())
            {
                policy.AllowAnyMethod();
            }
            else
            {
                policy.WithMethods(Origins);
            }
            if (Headers.IsEmpty())
            {
                policy.AllowAnyHeader();
            }
            else
            {
                policy.WithHeaders(Origins);
            }
            if (AllowCredentials)
            {
                policy.AllowCredentials();
            }
            else
            {
                policy.DisallowCredentials();
            }
            return(policy.Build());
        }
        public static IServiceCollection AddElectCors(this IServiceCollection services,
                                                      [NotNull] Action <ElectCorsOptions> configuration)
        {
            services.Configure(configuration);

            var options = configuration.GetValue();

            var corsBuilder = new CorsPolicyBuilder();

            if (options.IsOriginAllowed != null)
            {
                corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed);
            }
            else if (options.AllowOrigins?.Any() == true)
            {
                options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList();

                if (options.AllowOrigins.Contains("*"))
                {
                    corsBuilder.SetIsOriginAllowed((origin) => true);
                }
                else
                {
                    corsBuilder.WithOrigins(options.AllowOrigins.ToArray());
                    corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains();
                }
            }


            if (options.AllowHeaders?.Any() == true)
            {
                if (options.AllowHeaders.Contains("*"))
                {
                    corsBuilder.AllowAnyHeader();
                }
                else
                {
                    corsBuilder.WithHeaders(options.AllowHeaders.ToArray());
                }
            }

            if (options.AllowMethods?.Any() == true)
            {
                if (options.AllowMethods.Contains("*"))
                {
                    corsBuilder.AllowAnyMethod();
                }
                else
                {
                    corsBuilder.WithMethods(options.AllowMethods.ToArray());
                }
            }

            if (options.IsAllowCredentials)
            {
                corsBuilder.AllowCredentials();
            }
            else
            {
                corsBuilder.DisallowCredentials();
            }

            options.ExtendPolicyBuilder?.Invoke(corsBuilder);

            services.AddCors(config =>
            {
                config.DefaultPolicyName = options.PolicyName;

                config.AddDefaultPolicy(corsBuilder.Build());

                options.ExtendPolicyOptions?.Invoke(config);
            });

            services.Configure <MvcOptions>(config =>
            {
                config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName));
            });

            services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>();

            return(services);
        }
Esempio n. 12
0
        public void DisallowCredential_SetsSupportsCredentials_ToFalse()
        {
            // Arrange
            var builder = new CorsPolicyBuilder();

            // Act
            builder.DisallowCredentials();

            // Assert
            var corsPolicy = builder.Build();
            Assert.False(corsPolicy.SupportsCredentials);
        }