public static void ConfigureSignalR(this IAppBuilder app) { var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => { var policy = new CorsPolicy(); policy.Origins.Add(Constants.Urls.WebUrl); policy.AllowAnyMethod = true; policy.AllowAnyHeader = true; policy.SupportsCredentials = true; return(Task.FromResult(policy)); } } }; app.Map(Constants.Routes.SignalR, map => { //map.UseCors(CorsOptions.AllowAll); map.UseCors(corsOptions); map.RunSignalR(new HubConfiguration() { EnableDetailedErrors = true }); }); GlobalHost.DependencyResolver.Register(typeof(JsonSerializer), () => JsonSerializerFactory.Value); }
public OwinHttpServer AddCors(IAppBuilder builder, IList <string> allowedCorsOrigins) { if (allowedCorsOrigins != null) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; foreach (var origin in allowedCorsOrigins) { corsPolicy.Origins.Add(origin); } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; builder.UseCors(corsOptions); } return(this); }
/// <summary> /// Initializes and configures <see cref="CorsOptions"/> instance. /// </summary> /// <param name="origins">String of allowed origins delimited by: ';'</param> public static void ConfigureCors(string origins) { if (string.IsNullOrWhiteSpace(origins)) { return; } var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; corsPolicy.Origins.ToList().AddRange(origins.Split(';')); if (!corsPolicy.Origins.Any()) { return; } Options = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; }
private static CorsOptions SetupCorsOptions() { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, SupportsCredentials = true, PreflightMaxAge = short.MaxValue }; // Try and load allowed origins from web.config // If none are specified we'll allow all origins var appSetting = new ApplicationSettings(); var origins = appSetting.CorsOriginsSetting; if (!string.IsNullOrEmpty(origins)) { foreach (var origin in origins.Split(';')) { corsPolicy.Origins.Add(origin); } } else { corsPolicy.AllowAnyOrigin = true; } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; return(corsOptions); }
public void Configuration(IAppBuilder app) { app.UseCors(CorsOptions.AllowAll); ConfigureAuth(app); app.Map("/signalr", map => { //CorsPolicyProvider provider = new EnableCorsAttribute("*", "*", "*"); CorsOptions options = CorsOptions.AllowAll; //options.PolicyProvider = map.UseCors(options); map.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions { Provider = new OAuthTokenProvider() }); var hubConfiguration = new HubConfiguration { Resolver = GlobalHost.DependencyResolver }; map.RunSignalR(hubConfiguration); }); string name = ConfigurationManager.AppSettings["LoggingDefaults"]; SeriLogHelper.ConfigureLoggingDefaults(name); CacheConfig.Register(); }
public void Configuration(IAppBuilder appBuilder) { IdentityConfiguration(appBuilder); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = req => { var policy = new CorsPolicy(); var corsOrigins = ConfigurationManager.AppSettings["CorsOrigins"].Split(','); var corsMethods = ConfigurationManager.AppSettings["CorsMethod"].Split(','); foreach (var origin in corsOrigins) { if (!string.IsNullOrEmpty(origin)) { policy.Origins.Add(origin); } } foreach (var method in corsMethods) { if (!string.IsNullOrEmpty(method)) { policy.Methods.Add(method); } } return(Task.FromResult(policy)); } }, CorsEngine = new CorsEngine() }; appBuilder.UseCors(corsOptions); OAuthConfiguration(appBuilder); }
public virtual void Configuration(IAppBuilder app) { DotEnv.Load(); var corsPolicyTask = Task.FromResult(new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true, PreflightMaxAge = 60 * 60 * 1000 // 1 hour, though Chrome would limit to 10 mins I believe }); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = r => corsPolicyTask } }; app.UseCors(corsOptions); var container = CreateContainer(); var mirrorSharpOptions = CreateMirrorSharpOptions(container); app.UseMirrorSharp(mirrorSharpOptions); app.Map("/status", a => a.Use((c, next) => { c.Response.ContentType = "text/plain"; return(c.Response.WriteAsync("OK")); })); var monitor = container.Resolve <IMonitor>(); monitor.Event("Application Startup", null); HostingEnvironment.RegisterObject(new ShutdownMonitor(monitor)); app.UseAutofacLifetimeScopeInjector(container); }
private static void ConfigureCorsOptions(CorsOptions options) { options.AddPolicy("AllowAll", builder => { builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials(); }); }
/// <summary> /// Allows Cors API. /// </summary> /// <param name="app">App Builder.</param> public void AllowCors(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; var origins = ConfigurationManager.AppSettings.Get("cors"); if (origins != null) { foreach (var origin in origins.Split(PARAMETER_CORS_SEPARATOR)) { corsPolicy.Origins.Add(origin); } } else { corsPolicy.AllowAnyOrigin = true; } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); }
public void Configuration(IAppBuilder app) { var config = new HttpConfiguration(); var container = new Container(); ConfigureWebApi(config); ConfigureDependencyInjection(config, container); var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = true }; var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); app.UseWebApi(config); }
// This code configures Web API. The Startup class is specified as a type // parameter in the WebApp.Start method. public void Configuration(IAppBuilder appBuilder) { // Configure Web API for self-host. HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = c => Task.FromResult(new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true, SupportsCredentials = true }) } }; appBuilder.UseCors(corsOptions); appBuilder.UseWebApi(config); }
/// <summary> /// Allow different cors origins defined on appsettings /// </summary> /// <param name="services"></param> /// <param name="corsOptions"></param> public static void SetupCorsOrigins(this IServiceCollection services, CorsOptions corsOptions) { if (corsOptions == null) { SetCorsAnyOriginAllowed(services); } else { foreach (var definition in corsOptions.Origins) { services.AddCors(options => { options.AddPolicy(definition.CorsPolicy, builder => { builder.WithOrigins(definition.GetOriginsList().ToArray()); builder.WithHeaders(definition.GetHeadersList().ToArray()); builder.WithMethods(definition.GetMethodsList().ToArray()); if (definition.AllowCredentials) { builder.AllowCredentials(); } }); }); } } }
private static void ConfigureCors(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyHeader = true, SupportsCredentials = true, Methods = { "OPTIONS", "GET", "POST", "PUT", "DELETE" } }; EnvironmentConfig.AllowedOriginUrls.ToList().ForEach(item => corsPolicy.Origins.Add(item)); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); }
public static void Configure(CorsOptions options) { options.AddDefaultPolicy( builder => { builder.AllowAnyMethod() .AllowAnyHeader() .WithOrigins( "http://localhost:8008", "https://localhost:8008") .AllowCredentials(); }); options.AddPolicy(AllowAllOriginsCorsPolicy, builder => { builder.AllowAnyOrigin() .AllowAnyHeader() .AllowAnyMethod(); }); options.AddPolicy(AllowKnownClientOriginsCorsPolicy, builder => { builder.AllowAnyMethod() .AllowAnyHeader() .WithOrigins( "http://localhost:8008", "https://localhost:8008") .AllowCredentials(); }); }
private void ConfigureAuth(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, AllowAnyOrigin = true, SupportsCredentials = true }; var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Tenant = ConfigurationManager.AppSettings["ida:tenant"], TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters { ValidAudience = ConfigurationManager.AppSettings["ida:audience"], ValidateAudience = true, ValidIssuer = ConfigurationManager.AppSettings["ida:issuer"], ValidateIssuer = true, ValidateLifetime = true } }); }
public void ConfigureAuth(IAppBuilder app) { var tokenCorsPolicy = new CorsPolicy { AllowAnyOrigin = true, AllowAnyHeader = true, AllowAnyMethod = true }; var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = request => Task.FromResult( request.Path.ToString().StartsWith("/auth/token") ? tokenCorsPolicy : null ) } }; app.UseCors(corsOptions); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider app.UseCookieAuthentication(new CookieAuthenticationOptions()); // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); }
public void Configuration(IAppBuilder app) { var corsPolicyTask = Task.FromResult(new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true, AllowAnyOrigin = true, PreflightMaxAge = 60 * 60 * 1000 // 1 hour, though Chrome would limit to 10 mins I believe }); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = r => corsPolicyTask } }; app.UseCors(corsOptions); var mirrorSharpOptions = CreateMirrorSharpOptions(); app.UseMirrorSharp(mirrorSharpOptions); app.Map("/status", a => a.Use((c, next) => { c.Response.ContentType = "text/plain"; return(c.Response.WriteAsync("OK")); })); }
//private SiteContext site; public bool IsPathAllowed(PathString path, CorsOptions options) { var result = options.CorsPaths.Any(x => path == x); if (result) { return(result); } if (multiTenantOptions.Mode == MultiTenantMode.FolderName) { var site = contextAccessor.HttpContext.GetTenant <SiteContext>(); if (site != null && !string.IsNullOrEmpty(site.SiteFolderName)) { //result = options.CorsPaths.Any(x => path == "/" + site.SiteFolderName + x); foreach (var cp in options.CorsPaths) { var tenantPath = "/" + site.SiteFolderName + cp; if (path == tenantPath) { return(true); } } } } return(result); }
public void ConfigureCors(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = false, AllowAnyHeader = false, AllowAnyOrigin = false, SupportsCredentials = true }; var origins = ConfigurationManager.AppSettings["CorsOrigins"]; var headers = ConfigurationManager.AppSettings["CorsHeaders"]; var methods = ConfigurationManager.AppSettings["CorsMethods"]; AddTokens(origins, corsPolicy.Origins); AddTokens(headers, corsPolicy.Headers); AddTokens(methods, corsPolicy.Methods); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); }
/// <summary> /// Initializes and configures <see cref="T:Microsoft.Owin.Cors.CorsOptions" /> instance. /// </summary> /// <param name="origins">String of allowed origins delimited by: ';'</param> public static void ConfigureCors(string origins) { if (string.IsNullOrWhiteSpace(origins)) { return; } CorsPolicy corsPolicy = new CorsPolicy() { AllowAnyMethod = true, AllowAnyHeader = true }; corsPolicy.Origins.ToList <string>().AddRange((IEnumerable <string>)origins.Split(';')); if (!corsPolicy.Origins.Any <string>()) { return; } CorsConfig.Options = new CorsOptions() { PolicyProvider = (ICorsPolicyProvider) new CorsPolicyProvider() { PolicyResolver = (Func <IOwinRequest, Task <CorsPolicy> >)(context => Task.FromResult <CorsPolicy>(corsPolicy)) } }; }
private static void ConfigureCors(CorsOptions cors) { cors.AddDefaultPolicy(policy => policy .AllowAnyOrigin() .WithHeaders(HeaderNames.ContentType) .WithMethods(HttpMethods.Post)); }
public void Configuration(IAppBuilder app) { var config = new HttpConfiguration(); var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; corsPolicy.AllowAnyOrigin = true; var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); app.UseCors(corsOptions); ActivateTokenGenerator(app); app.UseWebApi(config); }
public void ConfigureCorsPolicy(CorsOptions options) { options.AddPolicy("CorsPolicy", builder => { builder.WithOrigins(_corsSettings.AllowedOrigins).AllowAnyHeader().AllowAnyMethod(); }); }
private void ConfigureCors(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; var origins = ConfigurationManager.AppSettings["Cors.Origins"]; if (origins != null) { foreach (var origin in origins.Split(';')) { corsPolicy.Origins.Add(origin); } } else { corsPolicy.AllowAnyOrigin = true; } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); }
/// <summary> /// /// </summary> /// <param name="services"></param> /// <returns></returns> public static IServiceCollection AddCorsOption(this IServiceCollection services) { if (EasySharpServices.IsInitialized == false) { EasySharpServices.Services = services; EasySharpServices.Initialize(); } Configuration = EasySharpServices.Builder(); var options = new CorsOptions(); Configuration.GetSection(nameof(CorsOptions)).Bind(options); //if Links=null, set links array to empty array var linksOption = options.Links ?? new string[] { }; var policyName = options.Name; if (options.Enabled) { string[] clientUrls = linksOption.ToArray(); services.AddCors(opt => { opt.AddPolicy(policyName, fbuilder => fbuilder.WithOrigins(clientUrls) .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials()); }); } return(services); }
/// <summary> /// 由 CorsCoreHelper 负责初始化 /// </summary> /// <param name="options"></param> public static void SetPolicyMap(CorsOptions options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } var map = options.GetPolicyMap(); _defaultPolicyName = options.DefaultPolicyName; foreach (var key in map.Keys) { var builder = new CorsPolicyBuilder(map[key]); _policyMap.Add(key, builder.Build()); } if (!IsContainsPolicy(_defaultPolicyName)) { _policyMap.Add(_defaultPolicyName, CorsPolicy.DefaultCorsPolicy); } EnableGlobalCors = options.EnableGlobalCors; GlobalCorsPolicyName = string.IsNullOrWhiteSpace(options.GlobalCorsPolicyName) ? options.DefaultPolicyName : options.GlobalCorsPolicyName; }
public static void AllowAll(this CorsOptions setup, string policyName) { setup.AddPolicy(policyName, policy => policy .AllowAnyOrigin() .AllowAnyHeader() .AllowAnyMethod()); }
public async Task Invoke_HasCorsConfig_InvokesNext() { var testOrigin = "https://functions.azure.com"; var hostCorsOptions = new OptionsWrapper <HostCorsOptions>(new HostCorsOptions { AllowedOrigins = new List <string> { testOrigin } }); var testPolicy = new CorsPolicy(); var testOptions = new CorsOptions(); testOptions.AddDefaultPolicy(testPolicy); var corsOptions = new OptionsWrapper <CorsOptions>(testOptions); var corsFactory = new CorsMiddlewareFactory(corsOptions, NullLoggerFactory.Instance); bool nextInvoked = false; RequestDelegate next = (context) => { nextInvoked = true; context.Response.StatusCode = (int)HttpStatusCode.Accepted; return(Task.CompletedTask); }; var middleware = new JobHostCorsMiddleware(hostCorsOptions, corsFactory); var httpContext = new DefaultHttpContext(); await middleware.Invoke(httpContext, next); Assert.True(nextInvoked); }
public static void Register(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true }; // Try and load allowed origins from web.config // If none are specified we'll allow all origins var origins = ConfigHelper.CorsOrigins; if (origins != null) { foreach (var origin in origins.Split(';')) { corsPolicy.Origins.Add(origin); } } else { corsPolicy.AllowAnyOrigin = true; } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; app.UseCors(corsOptions); }
public void Configuration(IAppBuilder app) { ConfigureAuth(app); //UseRedisBackplane(); //UseServiceBusBackplane(); //UseSqlBackplane(); // Branch the pipeline here for requests that start with "/signalr" app.Map("/signalr", map => { CorsPolicy corsPolicy = new CorsPolicy() { AllowAnyHeader = true, //AllowAnyOrigin = true, AllowAnyMethod = true, SupportsCredentials = true }; // Get Allowed Origins from Config and split by comma. Can be changed to any character that you chose. string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(','); // To split by multiple types use the following example as a template: //string[] origins = AppSettingsConfig.CorsPolicyOrigins.Split(',', '+'); foreach (string origin in origins) { corsPolicy.Origins.Add(origin); } var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => Task.FromResult(corsPolicy) } }; // Setup the CORS middleware to run before SignalR. // By default this will allow all origins. You can // configure the set of origins and/or http verbs by // providing a cors options with a different policy. map.UseCors(corsOptions); var hubConfiguration = new HubConfiguration { // You can enable JSONP by uncommenting line below. // JSONP requests are insecure but some older browsers (and some // versions of IE) require JSONP to work cross domain EnableDetailedErrors = true, //EnableJSONP = true, //EnableJavaScriptProxies = true }; // Run the SignalR pipeline. We're not using MapSignalR // since this branch already runs under the "/signalr" // path. map.RunSignalR(hubConfiguration); }); //app.MapSignalR(); }
private static void ConfigureCors(CorsOptions options) { options.AddPolicy(defaultName, policy => policy.AllowAnyHeader() .AllowAnyMethod() .AllowAnyOrigin() .AllowCredentials()); }
public async Task GetsNamedPolicy(string policyName) { // Arrange var options = new CorsOptions(); var policy = new CorsPolicy(); options.AddPolicy(policyName, policy); var corsOptions = new TestCorsOptions { Value = options }; var policyProvider = new DefaultCorsPolicyProvider(corsOptions); // Act var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName); // Assert Assert.Same(policy, actualPolicy); }
public async Task GetsNamedPolicy(string policyName) { // Arrange var options = new CorsOptions(); var policy = new CorsPolicy(); options.AddPolicy(policyName, policy); var mockOptions = new Mock<IOptions<CorsOptions>>(); mockOptions .SetupGet(o => o.Options) .Returns(options); var policyProvider = new DefaultCorsPolicyProvider(mockOptions.Object); // Act var actualPolicy = await policyProvider.GetPolicyAsync(new DefaultHttpContext(), policyName); // Assert Assert.Same(policy, actualPolicy); }
//private SiteContext site; public bool IsPathAllowed(PathString path, CorsOptions options) { var result = options.CorsPaths.Any(x => path == x); if (result) return result; if (multiTenantOptions.Mode == MultiTenantMode.FolderName) { var site = contextAccessor.HttpContext.GetTenant<SiteContext>(); if(site != null && !string.IsNullOrEmpty(site.SiteFolderName)) { //result = options.CorsPaths.Any(x => path == "/" + site.SiteFolderName + x); foreach (var cp in options.CorsPaths) { var tenantPath = "/" + site.SiteFolderName + cp; if (path == tenantPath) return true; } } } return result; }
private static CorsBasedSecurityMessageHandler CreateSubjectUnderTest( HttpResponseMessage response = null, CorsEngine corsEngine = null, CorsOptions options = null) { var sut = new CorsBasedSecurityMessageHandler(options ?? CorsOptions.AllowAll()); sut.InnerHandler = new TestHandler(response); sut.SetCorsEngineFactory(() => corsEngine ?? new CorsEngine()); return sut; }