public void Configure(CorsPolicyBuilder options, IServiceCollection services) { var settings = new ServiceSettings().Auth; options.WithOrigins(settings.ValidAuthReferrers); options.WithHeaders("X-Requested-With", "Content-Type"); options.WithMethods("POST"); options.AllowCredentials(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddControllers(); //database conn stuff //logger.LogInformation("Using SQL Server repository"); services.AddScoped <IArtistRepository, ArtistRepository>(); services.AddScoped <ILocationRepository, LocationRepository>(); services.AddScoped <IQuizRepository, QuizRepository>(); services.AddEntityFrameworkSqlServer() .AddDbContext <CulturalDbContext>(options => options.UseSqlServer(Configuration["ConnectionString"])); services.AddSingleton <IAuthorizationHandler, HasScopeHandler>(); string domain = $"https://{Configuration["Auth0:Domain"]}/"; services.AddAuthentication(options => { //AuthenticationOptions s; options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(options => { options.Authority = domain; options.Audience = Configuration["Auth0:ApiIdentifier"]; }); services.AddAuthorization(options => { options.AddPolicy("read:artists", policy => policy.Requirements.Add(new HasScopeRequirement("read:artists", domain))); options.AddPolicy("write:artists", policy => policy.Requirements.Add(new HasScopeRequirement("write:artists", domain))); options.AddPolicy("read:quiz", policy => policy.Requirements.Add(new HasScopeRequirement("read:quiz", domain))); options.AddPolicy("write:quiz", policy => policy.Requirements.Add(new HasScopeRequirement("write:quiz", domain))); options.AddPolicy("read:location", policy => policy.Requirements.Add(new HasScopeRequirement("read:location", domain))); options.AddPolicy("write:location", policy => policy.Requirements.Add(new HasScopeRequirement("write:location", domain))); }); // ******************** // Setup CORS // ******************** var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); //corsBuilder.AllowAnyOrigin(); // For anyone access. //corsBuilder.WithOrigins("http://localhost:56573"); // for a specific url. Don't add a forward slash on the end! corsBuilder.WithOrigins("http://localhost:5100", "http://52.89.227.233:5000"); corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); }
void ConfigurePolicy(CorsPolicyBuilder builder) { builder .WithOrigins("http://localhost", "http://localhost:80", "http://localhost:8080", "http://localhost:3000", "http://localhost:3001", "https://localhost:44389") .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>(); services.AddHttpContextAccessor(); services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" }); c.AddSecurityDefinition("Bearer", new ApiKeyScheme { Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"", Name = "Authorization", In = "header", Type = "apiKey" }); }); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, NameClaimType = "name", ValidIssuer = "http://*****:*****@345")) }; }); services.AddIdentity <Student, IdentityRole>(options => { options.ClaimsIdentity.UserIdClaimType = JwtRegisteredClaimNames.Sub; }); services.AddCors(options => { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins(Configuration["WhiteList"]); corsBuilder.AllowCredentials(); options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); services.AddBusinessLogic(Configuration.GetConnectionString("AcademicManagement")); services.AddHangfire(config => config.UseSqlServerStorage(Configuration.GetConnectionString("AcademicManagement"))); services.AddSignalR(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddCors(); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); // ******************** // Setup CORS // ******************** var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyOrigin(); // For anyone access. corsBuilder.WithOrigins("https://localhost:82"); // for a specific url. Don't add a forward slash on the end! corsBuilder.WithOrigins("http://localhost:65182"); // for a specific url. Don't add a forward slash on the end! corsBuilder.WithOrigins("https://addresstranslation.azurewebsites.net"); // for a specific url. Don't add a forward slash on the end! corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); //services.AddCors( options => { options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins("https://atservicetest.azurewebsites.net", "https://addresstranslation.azurewebsites.net"); }); }); new GetConnectionString().getconnection(Configuration); // services.Add(new ServiceDescriptor(typeof(LoginContext), new LoginContext(Configuration.GetConnectionString("DefaultConnection")))); // services.Add(new ServiceDescriptor(typeof(HomeContext), new HomeContext(Configuration.GetConnectionString("DefaultConnection")))); // services.Add(new ServiceDescriptor(typeof(LoginDataContext), new LoginDataContext(Configuration.GetConnectionString("DefaultConnection")))); services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Swashbuckle.AspNetCore.Swagger.Info { Title = "Core API", Description = "Swagger Core API" }); } ); // In production, the Angular files will be served from this directory services.AddSpaStaticFiles(configuration => { configuration.RootPath = "ClientApp/dist"; }); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyOrigin(); // For anyone access. corsBuilder.WithOrigins("http://localhost:4200"); // for a specific url. Don't add a forward slash on the end! corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); var appSettingsSection = Configuration.GetSection("AppSettings"); services.Configure <AppSettings>(appSettingsSection); // configure jwt authentication var appSettings = appSettingsSection.Get <AppSettings>(); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, ValidateAudience = false, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = "MeliRosales", ValidAudience = "MeliRosales", IssuerSigningKey = JwtSecurityKey.Create(appSettings.Secret) }; options.Events = new JwtBearerEvents { OnAuthenticationFailed = context => { Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message); return(Task.CompletedTask); }, OnTokenValidated = context => { Console.WriteLine("OnTokenValidated: " + context.SecurityToken); return(Task.CompletedTask); } }; }); services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN"); services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver()); }
public void WithOrigins_ThrowsIfArgumentArrayContainsNull() { // Arrange var builder = new CorsPolicyBuilder(); string[] args = new string[] { null }; // Act / Assert Assert.Throws <ArgumentNullException>(() => builder.WithOrigins(args)); }
private static CorsPolicyBuilder InstantiateCorsPolicyBuilder(IConfiguration configuration) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins(GetAllOrigins(configuration)); corsBuilder.AllowCredentials(); return(corsBuilder); }
private void ConfigureCors(CorsPolicyBuilder policy) { var origins = Configuration.GetSection("Host:Server:Cors").Get <string[]>(); policy .WithOrigins(origins) .AllowCredentials() .AllowAnyHeader() .AllowAnyMethod(); }
public CorsPolicy GenerateCorsPolicy() { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithOrigins("https://" + ConfigureMe.GetValue <string>("Settings:StaticSiteRoot")); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowCredentials(); return(corsBuilder.Build()); }
private void CorsPolicyBuild( CorsPolicyBuilder builder, ApplicationSettings applicationSettings) { builder .WithOrigins(applicationSettings .AcceptedClients.ToArray()) .WithMethods("GET") .AllowAnyHeader(); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddSingleton(_config); //services.AddStormpath(); // services.AddScoped<TokenProviderMiddleware>(); services.AddIdentity <ProductUser, IdentityRole>(config => { config.User.RequireUniqueEmail = true; config.Password.RequiredLength = 4; config.Password.RequireDigit = true; config.Password.RequireNonAlphanumeric = true; // config.Cookies.ApplicationCookie.LoginPath }) .AddEntityFrameworkStores <ProductContext>(); services.AddLogging(); services.AddDbContext <ProductContext>(); services.AddScoped <IProductRepository, ProductRepository>(); services.AddScoped <ProductContext>(); //services.AddCors(options => options.AddPolicy("AllowAll", x => x.AllowAnyOrigin())); services.AddCors(options => { options.AddPolicy("AllowSpecificOrigin", builder => builder.WithOrigins("http://localhost:3000/")); }); // Define CORS Policy var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithHeaders("*"); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins("http://localhost:3000"); //corsBuilder.AllowAnyOrigin(); corsBuilder.AllowCredentials(); corsBuilder.WithExposedHeaders().AllowAnyHeader(); corsBuilder.SetPreflightMaxAge(TimeSpan.FromSeconds(30)); services.AddCors(options => { options.AddPolicy("localhost", corsBuilder.Build()); }); // services.AddTransient<ProductContextSeedData>(); services.AddMvc(); }
internal static void AddCORS(CorsPolicyBuilder builder, Configuration configData) { if (!string.IsNullOrEmpty(configData.AllowedOrigins)) { if (configData.AllowedOrigins == "*") { builder.AllowAnyOrigin(); } else { var allowedOrigins = configData.AllowedOrigins.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithOrigins(allowedOrigins); } } if (!string.IsNullOrEmpty(configData.AllowedMethods)) { if (configData.AllowedMethods == "*") { builder.AllowAnyMethod(); } else { var allowedMethods = configData.AllowedMethods.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithMethods(allowedMethods); } } if (!string.IsNullOrEmpty(configData.AllowedHeaders)) { if (configData.AllowedHeaders == "*") { builder.AllowAnyHeader(); } else { var allowedHeaders = configData.AllowedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithHeaders(allowedHeaders); } } if (!string.IsNullOrEmpty(configData.AllowedExposedHeaders)) { var allowedExposedHeaders = configData.AllowedExposedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries); if (allowedExposedHeaders.Any()) { builder.WithExposedHeaders(allowedExposedHeaders); } } if (configData.IsAllowedCredentials && configData.AllowedOrigins != "*") { builder.AllowCredentials(); } else { builder.DisallowCredentials(); } }
public CorsPolicy GenerateCorsPolicy() { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyOrigin(); // For anyone access. corsBuilder.WithOrigins("https://app-datumation.azurewebsites.net"); // for a specific url. Don't add a forward slash on the end! corsBuilder.AllowCredentials(); return(corsBuilder.Build()); }
/// <summary> /// Adds the specified <paramref name="origins"/> using <paramref name="policyBuilder"/> when /// <paramref name="allowAnyOrigin"/> equals <see langword="false"/>. /// In another case, allows any origin using <paramref name="policyBuilder"/>. /// </summary> /// <param name="policyBuilder"></param> /// <param name="allowAnyOrigin"></param> /// <param name="origins"></param> private static void SetOrigins(CorsPolicyBuilder policyBuilder, bool allowAnyOrigin, string[] origins) { if (allowAnyOrigin) { policyBuilder.AllowAnyOrigin(); } else { policyBuilder.WithOrigins(origins); } }
private CorsPolicy BuildPolicy(string[] targetOrigins, TimeSpan preflightMaxAge) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithOrigins(targetOrigins) .WithMethods(methods) .AllowAnyHeader() .WithExposedHeaders(exposedHeaders) .SetPreflightMaxAge(preflightMaxAge); return(corsBuilder.Build()); }
// Refer to this article if you require more information on CORS // https://docs.microsoft.com/en-us/aspnet/core/security/cors static void BuildCorsPolicy(CorsPolicyBuilder builder) { string[] CORS_ALLOW_ALL = new string[1] { "*" }; builder .WithOrigins(CORS_ALLOW_ALL) .WithMethods(CORS_ALLOW_ALL) .WithHeaders(CORS_ALLOW_ALL) .Build(); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // ===== Add our DbContext ======== services.AddDbContext <ApplicationDbContext>(); // ===== Add Identity ======== services.AddIdentity <IdentityUser, IdentityRole>() .AddEntityFrameworkStores <ApplicationDbContext>() .AddDefaultTokenProviders(); // ===== Add Jwt Authentication ======== JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); // => remove default claims services .AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(cfg => { cfg.RequireHttpsMetadata = false; cfg.SaveToken = true; cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = Configuration["JwtIssuer"], ValidAudience = Configuration["JwtIssuer"], IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtKey"])), ClockSkew = TimeSpan.Zero // remove delay of token when expire }; }); // ===== Add CORS ======== var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); //corsBuilder.AllowAnyOrigin(); // For anyone access. corsBuilder.WithOrigins("http://localhost:4200"); // for a specific url. Don't add a forward slash on the end! corsBuilder.AllowCredentials(); // ===== Add Web Cors Policy ======== services.AddCors(options => { options.AddPolicy("WebCorsPolicy", corsBuilder.Build()); }); // Register application services. services.AddScoped <IRoomBookingServiceRepository, RoomBookingServiceRepository>(); // ===== Add MVC ======== services.AddMvc(); }
private void UseCors(CorsPolicyBuilder builder) { builder.AllowAnyHeader().AllowAnyMethod().AllowCredentials(); if (_env.IsProduction()) //生产环境指定跨域域名 { builder.WithOrigins(_settings.CorsOrigins); } else //其他环境允许所有跨所有域名 { builder.AllowAnyOrigin(); } }
private CorsPolicy Allow(string origin) { var policyBuilder = new CorsPolicyBuilder(); var policy = policyBuilder .WithOrigins(origin) .AllowAnyHeader() .AllowAnyMethod() .Build(); return policy; }
private CorsPolicy Allow(string origin) { var policyBuilder = new CorsPolicyBuilder(); var policy = policyBuilder .WithOrigins(origin) .AllowAnyHeader() .AllowAnyMethod() .Build(); return(policy); }
/// <summary>Set Allowed Origins</summary> /// <param name="builder">Cors policy builder configuration</param> /// <param name="itemCorsSection">Item configuration</param> private void SetAllowedOrigins(CorsPolicyBuilder builder, IConfiguration itemCorsSection) { var origins = itemCorsSection.GetSection("origins").Get <string[]>(); if (origins != null) { builder.WithOrigins(origins); } else { builder.AllowAnyOrigin(); } }
public static CorsPolicyBuilder SetupCors(CorsPolicyBuilder options) { return(options.WithOrigins("http://keycloak-demo.ngrok.io", "https://keycloak-demo.ngrok.io", "http://localhost:5000", "https://keycloak-demo-ui.ngrok.io", "http://keycloak-demo-ui.ngrok.io", "https://keycloak-demo-api.ngrok.io", "http://keycloak-demo-api.ngrok.io", "https://localhost:4321", "https://intranet-dev-usz.virtualcorp.ch").AllowAnyMethod() // options.AllowAnyOrigin().AllowAnyMethod() .AllowAnyHeader() // .WithHeaders("Origin", "X-Requested-With", "Content-Type", "Accept", "Authorization") //.WithExposedHeaders("Origin", "X-Requested-With", "Content-Type", "Accept", "Authorization") .AllowCredentials()); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins("http://localhost:8080"); corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("example2", corsBuilder.Build()); }); services.AddMvc(); }
/// <summary> /// Adds the CORS configuration. /// </summary> /// <param name="services">The services collection</param> private void ConfigureCORS(IServiceCollection services) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithOrigins("http://localhost:4200"); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); }
private static CorsPolicyBuilder AddCorsConfiguration(this CorsPolicyBuilder builder, CorsPolicy configuration) { builder.WithOrigins(configuration.Origins); if (configuration.Methods?.Length > 0) { builder.WithMethods(configuration.Methods); } if (configuration.Headers?.Length > 0) { builder.WithMethods(configuration.Headers); } return(builder); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddCors(); var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithHeaders("*"); corsBuilder.WithMethods("*"); corsBuilder.WithOrigins("*"); corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("AllowAll", corsBuilder.Build()); }); // Add framework services. services.AddMvc().AddJsonOptions(a => a.SerializerSettings.ContractResolver = new DefaultContractResolver());; }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins("http://localhost:8080"); corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("Aurelia-ContactsManager", corsBuilder.Build()); }); services.AddMvc(); services.AddSingleton <IContactRepository, ContactRepository>(); }
private void ConfigureCors(IServiceCollection services) { var corsBuilder = new CorsPolicyBuilder(); if (Environment.IsDevelopment()) { corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins("http://localhost:4200", "http://localhost"); corsBuilder.AllowCredentials(); } else { corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.WithOrigins("https://two.awdware.de", "http://three.awdware.de"); corsBuilder.AllowCredentials(); } services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); }
// This method gets called by the runtime. Use this method to add services to the container public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddApplicationInsightsTelemetry(Configuration); services.AddMvc(); var corsBuilder = new CorsPolicyBuilder(); corsBuilder.WithOrigins( "http://localhost:3000" ).WithMethods("GET", "POST", "HEAD"); services.AddCors(options => { options.AddPolicy("RestPolicyBase", corsBuilder.Build()); }); }
public Task <CorsPolicy> GetPolicyAsync(HttpContext context, string policyName) { var originHeader = context.Request.Headers["Origin"].FirstOrDefault(); // unknown policy name or origin header not present: default behavior if (string.IsNullOrEmpty(policyName) || string.IsNullOrEmpty(originHeader) || !string.Equals(policyName, DefaultSenseNetCorsPolicyName, StringComparison.InvariantCultureIgnoreCase) || string.Equals(originHeader, "null", StringComparison.InvariantCultureIgnoreCase)) { return(Task.FromResult(_options.GetPolicy(policyName ?? _options.DefaultPolicyName))); } var policyBuilder = new CorsPolicyBuilder(); // Load current CORS settings from the repository. This must not be cached here, // because settings may change at runtime, anytime. var corsSettings = Settings.GetValue <IEnumerable <string> >(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDORIGINDOMAINS, null, SnCorsConstants.DefaultAllowedDomains); // get a configured domain (or template) that matches the origin sent by the client var allowedDomain = GetAllowedDomain(originHeader, corsSettings); if (!string.IsNullOrEmpty(allowedDomain)) { // template match: set the allowed origin policyBuilder.WithOrigins(originHeader); // any origin ('*') and credentials are mutually exclusive if (!string.Equals(originHeader, CorsConstants.AnyOrigin)) { policyBuilder.AllowCredentials(); } var allowedMethods = Settings.GetValue(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDMETHODS, null, SnCorsConstants.AccessControlAllowMethodsDefault); var allowedHeaders = Settings.GetValue(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_ALLOWEDHEADERS, null, SnCorsConstants.AccessControlAllowHeadersDefault); policyBuilder.WithMethods(allowedMethods); policyBuilder.WithHeaders(allowedHeaders); } return(Task.FromResult(policyBuilder.Build())); }
public void WithOrigins_AddsOrigins() { // Arrange var builder = new CorsPolicyBuilder(); // Act builder.WithOrigins("http://example.com", "http://example2.com"); // Assert var corsPolicy = builder.Build(); Assert.False(corsPolicy.AllowAnyOrigin); Assert.Equal(new List<string>() { "http://example.com", "http://example2.com" }, corsPolicy.Origins); }