public CorsPolicy Build() { CorsPolicyBuilder policy = new CorsPolicyBuilder(); ApplyAlls(); var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (origins.Any()) { if (origins.First() == "*") { policy.AllowAnyOrigin(); } else { policy.WithOrigins(origins); } if (AllowCredentials && origins.First() != "*") { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } } var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (methods.Any()) { if (methods.First() == "*") { policy.AllowAnyMethod(); } else { policy.WithMethods(methods); } } var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray(); if (headers.Any()) { if (headers.First() == "*") { policy.AllowAnyHeader(); } else { policy.WithHeaders(headers); } } policy.SetIsOriginAllowedToAllowWildcardSubdomains(); return(policy.Build()); }
public static void SetupCors(this IServiceCollection services, IConfiguration configuration) { if (!configuration.GetValue <bool>("CorsEnabled")) { return; } var corsPolicies = configuration.GetSection("CorsPolicies"); if (corsPolicies.GetChildren().All(section => section.Key != KEYS_POLICY_NAME)) { services.AddCors(options => options.AddPolicy(KEYS_POLICY_NAME, builder => builder .AllowCredentials() .AllowAnyHeader() .AllowAnyMethod() .AllowAnyOrigin() )); } foreach (var policyConfiguration in corsPolicies.GetChildren()) { var headers = policyConfiguration.GetSection("Headers").Value?.Split(','); var methods = policyConfiguration.GetSection("Methods").Value?.Split(','); var origins = policyConfiguration.GetSection("Origins").Value?.Split(','); var exposedHeaders = policyConfiguration.GetSection("ExposedHeaders").Value?.Split(','); if (methods == null || origins == null) { throw new InvalidOperationException( $"Missing configuration fields for {policyConfiguration.Key}, please specify Headers, Methods, Origins and ExposedHeaders"); } var policyBuilder = new CorsPolicyBuilder(origins); policyBuilder .WithHeaders(headers ?? new string[] { }) .WithMethods(methods) .WithExposedHeaders(exposedHeaders ?? new string[] { }); if (policyConfiguration.GetValue <bool>("AllowCredentials")) { policyBuilder.AllowCredentials(); } else { policyBuilder.DisallowCredentials(); } var maxPreflightAge = policyConfiguration.GetValue <double>("MaxPreflightAge"); if (maxPreflightAge != 0) { policyBuilder.SetPreflightMaxAge(TimeSpan.FromSeconds(maxPreflightAge)); } services.AddCors(options => options.AddPolicy(policyConfiguration.Key, policyBuilder.Build())); } }
internal static void AddCORS(CorsPolicyBuilder builder, Configuration configData) { if (!string.IsNullOrEmpty(configData.AllowedOrigins)) { if (configData.AllowedOrigins == "*") { builder.AllowAnyOrigin(); } else { var allowedOrigins = configData.AllowedOrigins.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithOrigins(allowedOrigins); } } if (!string.IsNullOrEmpty(configData.AllowedMethods)) { if (configData.AllowedMethods == "*") { builder.AllowAnyMethod(); } else { var allowedMethods = configData.AllowedMethods.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithMethods(allowedMethods); } } if (!string.IsNullOrEmpty(configData.AllowedHeaders)) { if (configData.AllowedHeaders == "*") { builder.AllowAnyHeader(); } else { var allowedHeaders = configData.AllowedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries); builder.WithHeaders(allowedHeaders); } } if (!string.IsNullOrEmpty(configData.AllowedExposedHeaders)) { var allowedExposedHeaders = configData.AllowedExposedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries); if (allowedExposedHeaders.Any()) { builder.WithExposedHeaders(allowedExposedHeaders); } } if (configData.IsAllowedCredentials && configData.AllowedOrigins != "*") { builder.AllowCredentials(); } else { builder.DisallowCredentials(); } }
public void DisallowCredential_SetsSupportsCredentials_ToFalse() { // Arrange var builder = new CorsPolicyBuilder(); // Act builder.DisallowCredentials(); // Assert var corsPolicy = builder.Build(); Assert.False(corsPolicy.SupportsCredentials); }
public static void AddApiConfig(this IServiceCollection services, IConfiguration configuration) { var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyOrigin(); corsBuilder.DisallowCredentials(); services.AddCors(options => { options.AddPolicy("AllowAll", corsBuilder.Build()); }); services.AddControllers(); }
public CorsPolicy Build() { CorsPolicyBuilder policy = new CorsPolicyBuilder(); if (this.AllowAnyOrigin) { policy.AllowAnyOrigin(); } else { policy.WithOrigins(this.Origins); } if (this.AllowAnyHeader) { policy.AllowAnyHeader(); } else { policy.WithHeaders(this.Headers); } if (this.AllowAnyMethod) { policy.AllowAnyMethod(); } else { policy.WithMethods(this.Methods); } if (this.SupportsCredentials) { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } policy.WithExposedHeaders("content-disposition"); return(policy.Build()); }
public CorsPolicy Build() { var policy = new CorsPolicyBuilder(); if (this.AllowAnyOrigin) { policy.AllowAnyOrigin(); } else { policy.WithOrigins(this.Origins); } if (this.AllowAnyHeader) { policy.AllowAnyHeader(); } else { policy.WithHeaders(this.Headers); } if (this.AllowAnyMethod) { policy.AllowAnyMethod(); } else { policy.WithMethods(this.Methods); } if (this.SupportsCredentials) { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } return(policy.Build()); }
private static void AddPolicy(CorsPolicyBuilder policyBuilder, CorsPolicyConfiguration policy) { if (policy.Origins.Length == 0) { throw new System.ArgumentException(); } policyBuilder.WithOrigins(policy.Origins); // Configure methods if (policy.Methods.Length == 0) { policyBuilder.AllowAnyMethod(); } else { policyBuilder.WithMethods(policy.Methods); } // Configure headers if (policy.Headers.Length == 0) { policyBuilder.AllowAnyHeader(); } else { policyBuilder.WithHeaders(policy.Headers); } //Configure credentials if (policy.AllowCredentials) { policyBuilder.AllowCredentials(); } else { policyBuilder.DisallowCredentials(); } }
public CorsPolicy Build() { CorsPolicyBuilder policy = new CorsPolicyBuilder(); if (AllowAnyOrigin) { policy.AllowAnyOrigin(); } else { policy.WithOrigins(Origins); } if (AllowAnyMethod) { policy.AllowAnyMethod(); } else { policy.WithMethods(Origins); } if (AllowAnyHeader) { policy.AllowAnyHeader(); } else { policy.WithHeaders(Origins); } if (AllowCredentials && Origins?.Length > 0) { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } return(policy.Build()); }
public CorsPolicy Build() { CorsPolicyBuilder policy = new CorsPolicyBuilder(); if (Origins.IsEmpty()) { policy.AllowAnyOrigin(); } else { policy.WithOrigins(Origins); } if (Methods.IsEmpty()) { policy.AllowAnyMethod(); } else { policy.WithMethods(Origins); } if (Headers.IsEmpty()) { policy.AllowAnyHeader(); } else { policy.WithHeaders(Origins); } if (AllowCredentials) { policy.AllowCredentials(); } else { policy.DisallowCredentials(); } return(policy.Build()); }
public static IServiceCollection AddElectCors(this IServiceCollection services, [NotNull] Action <ElectCorsOptions> configuration) { services.Configure(configuration); var options = configuration.GetValue(); var corsBuilder = new CorsPolicyBuilder(); if (options.IsOriginAllowed != null) { corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed); } else if (options.AllowOrigins?.Any() == true) { options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList(); if (options.AllowOrigins.Contains("*")) { corsBuilder.SetIsOriginAllowed((origin) => true); } else { corsBuilder.WithOrigins(options.AllowOrigins.ToArray()); corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains(); } } if (options.AllowHeaders?.Any() == true) { if (options.AllowHeaders.Contains("*")) { corsBuilder.AllowAnyHeader(); } else { corsBuilder.WithHeaders(options.AllowHeaders.ToArray()); } } if (options.AllowMethods?.Any() == true) { if (options.AllowMethods.Contains("*")) { corsBuilder.AllowAnyMethod(); } else { corsBuilder.WithMethods(options.AllowMethods.ToArray()); } } if (options.IsAllowCredentials) { corsBuilder.AllowCredentials(); } else { corsBuilder.DisallowCredentials(); } options.ExtendPolicyBuilder?.Invoke(corsBuilder); services.AddCors(config => { config.DefaultPolicyName = options.PolicyName; config.AddDefaultPolicy(corsBuilder.Build()); options.ExtendPolicyOptions?.Invoke(config); }); services.Configure <MvcOptions>(config => { config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName)); }); services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>(); return(services); }