コード例 #1
0
        public CorsPolicy Build()
        {
            CorsPolicyBuilder policy = new CorsPolicyBuilder();

            ApplyAlls();

            var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (origins.Any())
            {
                if (origins.First() == "*")
                {
                    policy.AllowAnyOrigin();
                }
                else
                {
                    policy.WithOrigins(origins);
                }
                if (AllowCredentials && origins.First() != "*")
                {
                    policy.AllowCredentials();
                }
                else
                {
                    policy.DisallowCredentials();
                }
            }

            var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (methods.Any())
            {
                if (methods.First() == "*")
                {
                    policy.AllowAnyMethod();
                }
                else
                {
                    policy.WithMethods(methods);
                }
            }

            var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();

            if (headers.Any())
            {
                if (headers.First() == "*")
                {
                    policy.AllowAnyHeader();
                }
                else
                {
                    policy.WithHeaders(headers);
                }
            }

            policy.SetIsOriginAllowedToAllowWildcardSubdomains();

            return(policy.Build());
        }
コード例 #2
0
        private void ConfigureCors(CorsPolicyBuilder builder)
        {
            var origin = _environment.IsDevelopment() ? "" : "";

            builder
            .SetIsOriginAllowedToAllowWildcardSubdomains()
            .WithOrigins("*")     // TODO: Fix
            .WithMethods("GET")
            .AllowCredentials();
        }
コード例 #3
0
    public void SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain()
    {
        // Arrange
        var builder = new CorsPolicyBuilder("http://*.example.com");

        // Act
        builder.SetIsOriginAllowedToAllowWildcardSubdomains();

        // Assert
        var corsPolicy = builder.Build();

        Assert.False(corsPolicy.IsOriginAllowed("http://example.com"));
    }
コード例 #4
0
    public void SetIsOriginAllowedToAllowWildcardSubdomains_AllowsWildcardSubdomains()
    {
        // Arrange
        var builder = new CorsPolicyBuilder("http://*.example.com");

        // Act
        builder.SetIsOriginAllowedToAllowWildcardSubdomains();

        // Assert
        var corsPolicy = builder.Build();

        Assert.True(corsPolicy.IsOriginAllowed("http://test.example.com"));
    }
コード例 #5
0
        /// <summary>
        /// Customizes cors cfg
        /// </summary>
        /// <param name="builder"></param>
        /// <returns></returns>
        public static CorsPolicyBuilder CustomizeCors(this CorsPolicyBuilder builder)
        {
            var cfg = Cartomatic.Utils.NetCoreConfig.GetNetCoreConfig();

            var origins = cfg.GetSection("CorsCfg:Origins").Get <string[]>() ?? new string[0];
            var headers = cfg.GetSection("CorsCfg:Headers").Get <string[]>() ?? new string[0];
            var methods = cfg.GetSection("CorsCfg:Methods").Get <string[]>() ?? new string[0];

            //all origins allowed
            if (origins.Any(o => o == "*"))
            {
                builder.AllowAnyOrigin();
            }
            else if (origins.Any())
            {
                if (origins.Any(o => o.IndexOf("*") > -1))
                {
                    builder.SetIsOriginAllowedToAllowWildcardSubdomains();
                }

                builder.WithOrigins(origins);
            }

            if (headers.Any(h => h == "*"))
            {
                builder.AllowAnyHeader();
            }
            else if (headers.Any())
            {
                builder.WithHeaders(headers);
            }

            if (methods.Any(m => m == "*"))
            {
                builder.AllowAnyMethod();
            }
            else if (methods.Any())
            {
                builder.WithMethods(methods);
            }

            return(builder);
        }
コード例 #6
0
        public static IServiceCollection AddElectCors(this IServiceCollection services,
                                                      [NotNull] Action <ElectCorsOptions> configuration)
        {
            services.Configure(configuration);

            var options = configuration.GetValue();

            var corsBuilder = new CorsPolicyBuilder();

            if (options.IsOriginAllowed != null)
            {
                corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed);
            }
            else if (options.AllowOrigins?.Any() == true)
            {
                options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList();

                if (options.AllowOrigins.Contains("*"))
                {
                    corsBuilder.SetIsOriginAllowed((origin) => true);
                }
                else
                {
                    corsBuilder.WithOrigins(options.AllowOrigins.ToArray());
                    corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains();
                }
            }


            if (options.AllowHeaders?.Any() == true)
            {
                if (options.AllowHeaders.Contains("*"))
                {
                    corsBuilder.AllowAnyHeader();
                }
                else
                {
                    corsBuilder.WithHeaders(options.AllowHeaders.ToArray());
                }
            }

            if (options.AllowMethods?.Any() == true)
            {
                if (options.AllowMethods.Contains("*"))
                {
                    corsBuilder.AllowAnyMethod();
                }
                else
                {
                    corsBuilder.WithMethods(options.AllowMethods.ToArray());
                }
            }

            if (options.IsAllowCredentials)
            {
                corsBuilder.AllowCredentials();
            }
            else
            {
                corsBuilder.DisallowCredentials();
            }

            options.ExtendPolicyBuilder?.Invoke(corsBuilder);

            services.AddCors(config =>
            {
                config.DefaultPolicyName = options.PolicyName;

                config.AddDefaultPolicy(corsBuilder.Build());

                options.ExtendPolicyOptions?.Invoke(config);
            });

            services.Configure <MvcOptions>(config =>
            {
                config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName));
            });

            services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>();

            return(services);
        }