public CorsPolicy Build()
{
CorsPolicyBuilder policy = new CorsPolicyBuilder();
ApplyAlls();
var origins = Origins.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (origins.Any())
{
if (origins.First() == "*")
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(origins);
}
if (AllowCredentials && origins.First() != "*")
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
}
var methods = Methods.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (methods.Any())
{
if (methods.First() == "*")
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(methods);
}
}
var headers = Headers.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
if (headers.Any())
{
if (headers.First() == "*")
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(headers);
}
}
policy.SetIsOriginAllowedToAllowWildcardSubdomains();
return(policy.Build());
}
public static void SetupCors(this IServiceCollection services, IConfiguration configuration)
{
if (!configuration.GetValue <bool>("CorsEnabled"))
{
return;
}
var corsPolicies = configuration.GetSection("CorsPolicies");
if (corsPolicies.GetChildren().All(section => section.Key != KEYS_POLICY_NAME))
{
services.AddCors(options => options.AddPolicy(KEYS_POLICY_NAME,
builder => builder
.AllowCredentials()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
));
}
foreach (var policyConfiguration in corsPolicies.GetChildren())
{
var headers = policyConfiguration.GetSection("Headers").Value?.Split(',');
var methods = policyConfiguration.GetSection("Methods").Value?.Split(',');
var origins = policyConfiguration.GetSection("Origins").Value?.Split(',');
var exposedHeaders = policyConfiguration.GetSection("ExposedHeaders").Value?.Split(',');
if (methods == null || origins == null)
{
throw new InvalidOperationException(
$"Missing configuration fields for {policyConfiguration.Key}, please specify Headers, Methods, Origins and ExposedHeaders");
}
var policyBuilder = new CorsPolicyBuilder(origins);
policyBuilder
.WithHeaders(headers ?? new string[] { })
.WithMethods(methods)
.WithExposedHeaders(exposedHeaders ?? new string[] { });
if (policyConfiguration.GetValue <bool>("AllowCredentials"))
{
policyBuilder.AllowCredentials();
}
else
{
policyBuilder.DisallowCredentials();
}
var maxPreflightAge = policyConfiguration.GetValue <double>("MaxPreflightAge");
if (maxPreflightAge != 0)
{
policyBuilder.SetPreflightMaxAge(TimeSpan.FromSeconds(maxPreflightAge));
}
services.AddCors(options => options.AddPolicy(policyConfiguration.Key, policyBuilder.Build()));
}
}
internal static void AddCORS(CorsPolicyBuilder builder, Configuration configData)
{
if (!string.IsNullOrEmpty(configData.AllowedOrigins))
{
if (configData.AllowedOrigins == "*")
{
builder.AllowAnyOrigin();
}
else
{
var allowedOrigins = configData.AllowedOrigins.Split(",", StringSplitOptions.RemoveEmptyEntries);
builder.WithOrigins(allowedOrigins);
}
}
if (!string.IsNullOrEmpty(configData.AllowedMethods))
{
if (configData.AllowedMethods == "*")
{
builder.AllowAnyMethod();
}
else
{
var allowedMethods = configData.AllowedMethods.Split(",", StringSplitOptions.RemoveEmptyEntries);
builder.WithMethods(allowedMethods);
}
}
if (!string.IsNullOrEmpty(configData.AllowedHeaders))
{
if (configData.AllowedHeaders == "*")
{
builder.AllowAnyHeader();
}
else
{
var allowedHeaders = configData.AllowedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries);
builder.WithHeaders(allowedHeaders);
}
}
if (!string.IsNullOrEmpty(configData.AllowedExposedHeaders))
{
var allowedExposedHeaders = configData.AllowedExposedHeaders.Split(",", StringSplitOptions.RemoveEmptyEntries);
if (allowedExposedHeaders.Any())
{
builder.WithExposedHeaders(allowedExposedHeaders);
}
}
if (configData.IsAllowedCredentials && configData.AllowedOrigins != "*")
{
builder.AllowCredentials();
}
else
{
builder.DisallowCredentials();
}
}
public void DisallowCredential_SetsSupportsCredentials_ToFalse()
{
// Arrange
var builder = new CorsPolicyBuilder();
// Act
builder.DisallowCredentials();
// Assert
var corsPolicy = builder.Build();
Assert.False(corsPolicy.SupportsCredentials);
}
public static void AddApiConfig(this IServiceCollection services, IConfiguration configuration)
{
var corsBuilder = new CorsPolicyBuilder();
corsBuilder.AllowAnyHeader();
corsBuilder.AllowAnyMethod();
corsBuilder.AllowAnyOrigin();
corsBuilder.DisallowCredentials();
services.AddCors(options =>
{
options.AddPolicy("AllowAll", corsBuilder.Build());
});
services.AddControllers();
}
public CorsPolicy Build()
{
CorsPolicyBuilder policy = new CorsPolicyBuilder();
if (this.AllowAnyOrigin)
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(this.Origins);
}
if (this.AllowAnyHeader)
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(this.Headers);
}
if (this.AllowAnyMethod)
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(this.Methods);
}
if (this.SupportsCredentials)
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
policy.WithExposedHeaders("content-disposition");
return(policy.Build());
}
public CorsPolicy Build()
{
var policy = new CorsPolicyBuilder();
if (this.AllowAnyOrigin)
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(this.Origins);
}
if (this.AllowAnyHeader)
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(this.Headers);
}
if (this.AllowAnyMethod)
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(this.Methods);
}
if (this.SupportsCredentials)
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
return(policy.Build());
}
private static void AddPolicy(CorsPolicyBuilder policyBuilder, CorsPolicyConfiguration policy)
{
if (policy.Origins.Length == 0)
{
throw new System.ArgumentException();
}
policyBuilder.WithOrigins(policy.Origins);
// Configure methods
if (policy.Methods.Length == 0)
{
policyBuilder.AllowAnyMethod();
}
else
{
policyBuilder.WithMethods(policy.Methods);
}
// Configure headers
if (policy.Headers.Length == 0)
{
policyBuilder.AllowAnyHeader();
}
else
{
policyBuilder.WithHeaders(policy.Headers);
}
//Configure credentials
if (policy.AllowCredentials)
{
policyBuilder.AllowCredentials();
}
else
{
policyBuilder.DisallowCredentials();
}
}
public CorsPolicy Build()
{
CorsPolicyBuilder policy = new CorsPolicyBuilder();
if (AllowAnyOrigin)
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(Origins);
}
if (AllowAnyMethod)
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(Origins);
}
if (AllowAnyHeader)
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(Origins);
}
if (AllowCredentials && Origins?.Length > 0)
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
return(policy.Build());
}
public CorsPolicy Build()
{
CorsPolicyBuilder policy = new CorsPolicyBuilder();
if (Origins.IsEmpty())
{
policy.AllowAnyOrigin();
}
else
{
policy.WithOrigins(Origins);
}
if (Methods.IsEmpty())
{
policy.AllowAnyMethod();
}
else
{
policy.WithMethods(Origins);
}
if (Headers.IsEmpty())
{
policy.AllowAnyHeader();
}
else
{
policy.WithHeaders(Origins);
}
if (AllowCredentials)
{
policy.AllowCredentials();
}
else
{
policy.DisallowCredentials();
}
return(policy.Build());
}
public static IServiceCollection AddElectCors(this IServiceCollection services,
[NotNull] Action <ElectCorsOptions> configuration)
{
services.Configure(configuration);
var options = configuration.GetValue();
var corsBuilder = new CorsPolicyBuilder();
if (options.IsOriginAllowed != null)
{
corsBuilder.SetIsOriginAllowed(options.IsOriginAllowed);
}
else if (options.AllowOrigins?.Any() == true)
{
options.AllowOrigins = options.AllowOrigins.Distinct().OrderBy(x => x).ToList();
if (options.AllowOrigins.Contains("*"))
{
corsBuilder.SetIsOriginAllowed((origin) => true);
}
else
{
corsBuilder.WithOrigins(options.AllowOrigins.ToArray());
corsBuilder.SetIsOriginAllowedToAllowWildcardSubdomains();
}
}
if (options.AllowHeaders?.Any() == true)
{
if (options.AllowHeaders.Contains("*"))
{
corsBuilder.AllowAnyHeader();
}
else
{
corsBuilder.WithHeaders(options.AllowHeaders.ToArray());
}
}
if (options.AllowMethods?.Any() == true)
{
if (options.AllowMethods.Contains("*"))
{
corsBuilder.AllowAnyMethod();
}
else
{
corsBuilder.WithMethods(options.AllowMethods.ToArray());
}
}
if (options.IsAllowCredentials)
{
corsBuilder.AllowCredentials();
}
else
{
corsBuilder.DisallowCredentials();
}
options.ExtendPolicyBuilder?.Invoke(corsBuilder);
services.AddCors(config =>
{
config.DefaultPolicyName = options.PolicyName;
config.AddDefaultPolicy(corsBuilder.Build());
options.ExtendPolicyOptions?.Invoke(config);
});
services.Configure <MvcOptions>(config =>
{
config.Filters.Add(new CorsAuthorizationFilterFactory(options.PolicyName));
});
services.TryAddTransient <CorsAuthorizationFilter, CorsAuthorizationFilter>();
return(services);
}
public void DisallowCredential_SetsSupportsCredentials_ToFalse()
{
// Arrange
var builder = new CorsPolicyBuilder();
// Act
builder.DisallowCredentials();
// Assert
var corsPolicy = builder.Build();
Assert.False(corsPolicy.SupportsCredentials);
}