public CorsPolicy Build() { CorsPolicyBuilder policy = new CorsPolicyBuilder(); ApplyAlls(); var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (origins.Any()) { if (origins.First() == "*") { policy.AllowAnyOrigin(); } else { policy.WithOrigins(origins); } if (AllowCredentials && origins.First() != "*") { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } } var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (methods.Any()) { if (methods.First() == "*") { policy.AllowAnyMethod(); } else { policy.WithMethods(methods); } } var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (headers.Any()) { if (headers.First() == "*") { policy.AllowAnyHeader(); } else { policy.WithHeaders(headers); } } policy.SetIsOriginAllowedToAllowWildcardSubdomains(); return(policy.Build()); }
private void ConfigureCors(CorsPolicyBuilder builder) { var origin = _environment.IsDevelopment() ? "" : ""; builder .SetIsOriginAllowedToAllowWildcardSubdomains() .WithOrigins("*") // TODO: Fix .WithMethods("GET") .AllowCredentials(); }
public void SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain() { // Arrange var builder = new CorsPolicyBuilder("http://*.example.com"); // Act builder.SetIsOriginAllowedToAllowWildcardSubdomains(); // Assert var corsPolicy = builder.Build(); Assert.False(corsPolicy.IsOriginAllowed("http://example.com")); }
public void SetIsOriginAllowedToAllowWildcardSubdomains_AllowsWildcardSubdomains() { // Arrange var builder = new CorsPolicyBuilder("http://*.example.com"); // Act builder.SetIsOriginAllowedToAllowWildcardSubdomains(); // Assert var corsPolicy = builder.Build(); Assert.True(corsPolicy.IsOriginAllowed("http://test.example.com")); }
/// <summary> /// Customizes cors cfg /// </summary> /// <param name="builder"></param> /// <returns></returns> public static CorsPolicyBuilder CustomizeCors(this CorsPolicyBuilder builder) { var cfg = Cartomatic.Utils.NetCoreConfig.GetNetCoreConfig(); var origins = cfg.GetSection("CorsCfg:Origins").Get <string[]>() ?? new string[0]; var headers = cfg.GetSection("CorsCfg:Headers").Get <string[]>() ?? new string[0]; var methods = cfg.GetSection("CorsCfg:Methods").Get <string[]>() ?? new string[0]; //all origins allowed if (origins.Any(o => o == "*")) { builder.AllowAnyOrigin(); } else if (origins.Any()) { if (origins.Any(o => o.IndexOf("*") > -1)) { builder.SetIsOriginAllowedToAllowWildcardSubdomains(); } builder.WithOrigins(origins); } if (headers.Any(h => h == "*")) { builder.AllowAnyHeader(); } else if (headers.Any()) { builder.WithHeaders(headers); } if (methods.Any(m => m == "*")) { builder.AllowAnyMethod(); } else if (methods.Any()) { builder.WithMethods(methods); } return(builder); }
public static IServiceCollection AddElectCors(this IServiceCollection services, [NotNull] Action <ElectCorsOptions> configuration) { services.Configure(configuration); var options = configuration.GetValue(); var corsBuilder = new CorsPolicyBuilder(); if (options.IsOriginAllowed != null) { corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed); } else if (options.AllowOrigins?.Any() == true) { options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList(); if (options.AllowOrigins.Contains("*")) { corsBuilder.SetIsOriginAllowed((origin) => true); } else { corsBuilder.WithOrigins(options.AllowOrigins.ToArray()); corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains(); } } if (options.AllowHeaders?.Any() == true) { if (options.AllowHeaders.Contains("*")) { corsBuilder.AllowAnyHeader(); } else { corsBuilder.WithHeaders(options.AllowHeaders.ToArray()); } } if (options.AllowMethods?.Any() == true) { if (options.AllowMethods.Contains("*")) { corsBuilder.AllowAnyMethod(); } else { corsBuilder.WithMethods(options.AllowMethods.ToArray()); } } if (options.IsAllowCredentials) { corsBuilder.AllowCredentials(); } else { corsBuilder.DisallowCredentials(); } options.ExtendPolicyBuilder?.Invoke(corsBuilder); services.AddCors(config => { config.DefaultPolicyName = options.PolicyName; config.AddDefaultPolicy(corsBuilder.Build()); options.ExtendPolicyOptions?.Invoke(config); }); services.Configure <MvcOptions>(config => { config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName)); }); services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>(); return(services); }