public async Task <IActionResult> PutAllowedOrigins(int id, AllowedOrigins allowedOrigins)
{
if (id != allowedOrigins.Id)
{
return(BadRequest());
}
_context.Entry(allowedOrigins).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!AllowedOriginsExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(NoContent());
}
/// <summary>
/// Determines whether the origin allowed.
/// </summary>
/// <param name="origin">The origin.</param>
/// <returns></returns>
public virtual Task <bool> IsOriginAllowedAsync(string origin)
{
if (!String.IsNullOrWhiteSpace(origin))
{
if (AllowAll)
{
Logger.LogDebug("AllowAll true, so origin: {0} is allowed", origin);
return(Task.FromResult(true));
}
if (AllowedOrigins != null)
{
if (AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
{
Logger.LogDebug("AllowedOrigins configured and origin {0} is allowed", origin);
return(Task.FromResult(true));
}
else
{
Logger.LogDebug("AllowedOrigins configured and origin {0} is not allowed", origin);
}
}
Logger.LogDebug("Exiting; origin {0} is not allowed", origin);
}
return(Task.FromResult(false));
}
// Edit an existing rule.
private void CmdEditRule_Click(object sender, RoutedEventArgs e)
{
if (RulesList.SelectedIndex == -1)
{
return;
}
RuleButtonPanel.Visibility = Visibility.Collapsed;
EditMode = 2;
EditIndex = RulesList.SelectedIndex;
CORSRule rule = _rules[RulesList.SelectedIndex];
AllowedOrigins.Text = rule.AllowedOrigins;
AllowedMethods.Text = rule.AllowedMethods;
AllowedHeaders.Text = rule.AllowedHeaders;
ExposedHeaders.Text = rule.ExposedHeaders;
MaxAge.Text = rule.MaxAgeInSeconds;
EditRuleLabel.Visibility = Visibility.Visible;
EditRuleLabel2.Visibility = Visibility.Visible;
EditRulePanel.Visibility = Visibility.Visible;
DialogButtonPanel.Visibility = Visibility.Collapsed;
AllowedOrigins.Focus();
}
/// <summary>
/// Determines whether the origin allowed.
/// </summary>
/// <param name="origin">The origin.</param>
/// <returns></returns>
public Task <bool> IsOriginAllowedAsync(string origin)
{
if (AllowAll)
{
Logger.InfoFormat("AllowAll true, so origin: {0} is allowed", origin);
return(Task.FromResult(true));
}
if (AllowedOrigins != null)
{
if (AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
{
Logger.InfoFormat("AllowedOrigins configured and origin {0} is allowed", origin);
return(Task.FromResult(true));
}
else
{
Logger.InfoFormat("AllowedOrigins configured and origin {0} is not allowed", origin);
}
}
Logger.InfoFormat("Exiting; origin {0} is not allowed", origin);
return(Task.FromResult(false));
}
/// <summary>
/// Determines whether the origin allowed.
/// </summary>
/// <param name="origin">The origin.</param>
/// <returns></returns>
public virtual Task<bool> IsOriginAllowedAsync(string origin)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultCorsPolicyService.IsOriginAllowed");
if (!String.IsNullOrWhiteSpace(origin))
{
if (AllowAll)
{
Logger.LogDebug("AllowAll true, so origin: {0} is allowed", origin);
return Task.FromResult(true);
}
if (AllowedOrigins != null)
{
if (AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
{
Logger.LogDebug("AllowedOrigins configured and origin {0} is allowed", origin);
return Task.FromResult(true);
}
else
{
Logger.LogDebug("AllowedOrigins configured and origin {0} is not allowed", origin);
}
}
Logger.LogDebug("Exiting; origin {0} is not allowed", origin);
}
return Task.FromResult(false);
}
public async Task <ActionResult <AllowedOrigins> > PostAllowedOrigins(AllowedOrigins allowedOrigins)
{
_context.AllowedOrigins.Add(allowedOrigins);
await _context.SaveChangesAsync();
return(CreatedAtAction("GetAllowedOrigins", new { id = allowedOrigins.Id }, allowedOrigins));
}
public void CreatesCorrectPolicy(string origin1, string origin2)
{
var basePolicy = new AllowedOrigins(new [] { origin1, origin2 });
var xml = basePolicy.GetXml().ToString();
xml.Should().Be(
@$ "<allowed-origins>
<origin>{origin1}</origin>
private void WriteDefaultResponseHeaders(HttpContext context)
{
if (AllowedOrigins.Count > 0 && !string.IsNullOrWhiteSpace(context.Request.Headers["Origin"]))
{
if (AllowedOrigins.Contains("*"))
{
context.Response.Headers.Add("Access-Control-Allow-Origin", "*");
}
else if (AllowedOrigins.Contains(context.Request.Headers["Origin"], StringComparer.OrdinalIgnoreCase))
{
context.Response.Headers.Add("Access-Control-Allow-Origin", context.Request.Headers["Origin"]);
context.Response.Headers.Add("Vary", "Origin");
}
}
}
/// <summary>
/// Determines whether origin is allowed.
/// </summary>
/// <param name="origin">The origin.</param>
/// <returns></returns>
public async Task <bool> IsOriginAllowedAsync(string origin)
{
await Initialize();
var result = AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase);
if (result)
{
_logger.LogDebug("Client list checked and origin: {0} is allowed", origin);
}
else
{
_logger.LogDebug("Client list checked and origin: {0} is not allowed", origin);
}
return(result);
}
// Add a new rule.
private void CmdNewRule_Click(object sender, RoutedEventArgs e)
{
RuleButtonPanel.Visibility = Visibility.Collapsed;
EditMode = 1;
AllowedOrigins.Text = String.Empty;
AllowedMethods.Text = String.Empty;
AllowedHeaders.Text = String.Empty;
ExposedHeaders.Text = String.Empty;
MaxAge.Text = String.Empty;
EditRuleLabel.Visibility = Visibility.Visible;
EditRuleLabel2.Visibility = Visibility.Visible;
EditRulePanel.Visibility = Visibility.Visible;
DialogButtonPanel.Visibility = Visibility.Collapsed;
AllowedOrigins.Focus();
}
void IUtf8JsonSerializable.Write(Utf8JsonWriter writer)
{
writer.WriteStartObject();
if (AllowedOrigins != null && AllowedOrigins.Any())
{
writer.WritePropertyName("allowedOrigins");
writer.WriteStartArray();
foreach (var item in AllowedOrigins)
{
writer.WriteStringValue(item);
}
writer.WriteEndArray();
}
if (MaxAgeInSeconds != null)
{
writer.WritePropertyName("maxAgeInSeconds");
writer.WriteNumberValue(MaxAgeInSeconds.Value);
}
writer.WriteEndObject();
}
/// <summary>
/// Adds one or more origins
/// </summary>
/// <param name="originAddress">Addresses of the origin</param>
/// <returns>CorsPolicy</returns>
public CorsPolicy WithOrigins(params string[] originAddress)
{
if (AllowedOrigins == null)
{
AllowedOrigins = new List <string>();
}
if (!AllowedOrigins.Contains("*"))
{
foreach (string newOrigin in originAddress)
{
if (!AllowedOrigins.Contains(newOrigin))
{
AllowedOrigins.Add(newOrigin);
}
}
}
return(this);
}
/// <summary>
/// 跨域规则
/// </summary>
public SetBucketCorsRequest ToCORSRules()
{
var request = new SetBucketCorsRequest(Name);
var rule = new CORSRule();
rule.MaxAgeSeconds = MaxAgeSeconds;
if (AllowedOrigins != null && AllowedOrigins.Length > 0)
{
AllowedOrigins.ToList().ForEach(x => rule.AddAllowedOrigin(x));
}
else
{
throw new Abp.UI.UserFriendlyException("AllowedOrigins 不能是空");
}
if (AllowedHeaders != null && AllowedHeaders.Length > 0)
{
AllowedHeaders.ToList().ForEach(x => rule.AddAllowedHeader(x));
}
if (AllowedMethods != null && AllowedMethods.Length > 0)
{
AllowedMethods.ToList().ForEach(x => rule.AddAllowedMethod(x));
}
else
{
throw new Abp.UI.UserFriendlyException("AllowedMethod 不能是空");
}
if (ExposedHeaders != null && ExposedHeaders.Length > 0)
{
if (ExposedHeaders.Contains("*"))
{
throw new Abp.UI.UserFriendlyException("ExposedHeaders 不能使用*通配符");
}
ExposedHeaders.ToList().ForEach(x => rule.AddExposeHeader(x));
}
request.AddCORSRule(rule);
return(request);
}
/// <summary>
/// Determines whether the origin allowed.
/// </summary>
/// <param name="origin">The origin.</param>
/// <returns></returns>
public async Task <bool> IsOriginAllowedAsync(string origin)
{
if (AllowAll)
{
Logger.InfoFormat("AllowAll true, so origin: {0} is allowed", origin);
return(true);
}
if (AllowedOrigins != null)
{
if (AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
{
Logger.InfoFormat("AllowedOrigins configured and origin {0} is allowed", origin);
return(true);
}
else
{
Logger.InfoFormat("AllowedOrigins configured and origin {0} is not allowed", origin);
}
}
if (policyCallback != null)
{
if (await policyCallback(origin))
{
Logger.InfoFormat("policyCallback callback invoked and origin {0} is allowed", origin);
return(true);
}
else
{
Logger.InfoFormat("policyCallback callback invoked and origin {0} is not allowed", origin);
}
}
Logger.InfoFormat("Exiting; origin {0} is not allowed", origin);
return(false);
}
string[] GetAllowedOrigins()
{
var origins = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (!AllowedOrigins.IsNullOrWhiteSpace())
{
origins.UnionWith(GetAllowedOrigins(AllowedOrigins));
}
if (!AllowedOriginsAppSetting.IsNullOrWhiteSpace())
{
var config = ServiceLocator.Current.GetInstance <IConfigurationProvider>();
origins.UnionWith(GetAllowedOrigins(config[AllowedOriginsAppSetting]));
}
if (!AllowedOriginsResolveName.IsNullOrWhiteSpace())
{
return(GetAllowedOrigins(ServiceLocator.Current.GetInstance <string>(AllowedOriginsResolveName)));
}
return(origins.Any() ? origins.ToArray() : null);
}
private async Task Initialize()
{
if (!Initialized)
{
AllowedOrigins.Clear();
Initialized = true;
byte[] pagingState = null;
do
{
var page = await _fullClientStore.PageAsync(100, pagingState);
pagingState = page.PagingState;
var query = from client in page
from url in client.AllowedCorsOrigins
select url.GetOrigin();
foreach (var allowedOrigin in query)
{
AllowedOrigins.Add(allowedOrigin);
}
} while (pagingState != null);
}
}
private static void ReadOrigins(JToken originToken)
{
if (originToken == null)
{
return;
}
switch (originToken.Type)
{
case JTokenType.String:
var value = originToken.Value <string>();
if (string.IsNullOrWhiteSpace(value))
{
return;
}
AllowedOrigins.Add(new Uri(value));
break;
case JTokenType.Array:
originToken.ForEach(ReadOrigins);
break;
default: throw new ArgumentOutOfRangeException();
}
}
public IAllowedMethodsPolicyBuilder Origins(params string[] origins)
{
_allowedOrigins = new AllowedOrigins(origins);
return(this);
}
public IAllowedMethodsPolicyBuilder AllOrigins()
{
_allowedOrigins = new AllowedOrigins();
return(this);
}
public async Task EnableCORSAsync()
{
CorsHttpMethods allowedMethods = CorsHttpMethods.None;
allowedMethods |= CorsHttpMethods.Get;
allowedMethods |= CorsHttpMethods.Put;
allowedMethods |= CorsHttpMethods.Post;
allowedMethods |= CorsHttpMethods.Delete;
allowedMethods |= CorsHttpMethods.Options;
var delimiter = new[] { "," };
var corsRule = new CorsRule();
const string AllowedOrigins = "*";
const string AllowedHeaders = "*";
const string ExposedHeaders = "";
var allAllowedOrigin = AllowedOrigins.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
var allExpHeaders = ExposedHeaders.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
var allAllowHeaders = AllowedHeaders.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
var corsAllowedOrigin = new List <string>();
foreach (var item in allAllowedOrigin)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsAllowedOrigin.Add(item.Trim());
}
}
var corsExposedHeaders = new List <string>();
foreach (var item in allExpHeaders)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsExposedHeaders.Add(item.Trim());
}
}
var corsAllowHeaders = new List <string>();
foreach (var item in allAllowHeaders)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsAllowHeaders.Add(item.Trim());
}
}
corsRule.MaxAgeInSeconds = 200;
corsRule.AllowedMethods = allowedMethods;
corsRule.AllowedHeaders = corsAllowHeaders;
corsRule.AllowedOrigins = corsAllowedOrigin;
corsRule.ExposedHeaders = corsExposedHeaders;
var serviceProperties = await this.blobClient.GetServicePropertiesAsync();
serviceProperties.Cors.CorsRules.Clear();
serviceProperties.Cors.CorsRules.Add(corsRule);
await this.blobClient.SetServicePropertiesAsync(serviceProperties);
}
public SimpleMVCBuilder AddCorsAllowedOrigin(string origin)
{
AllowedOrigins.Add(origin);
return(this);
}
