private void ConfigureAuthorizerHttpClient(IServiceCollection services,
HttpClient client,
AuthorizerSetting settings,
CorsSetting corsSettings)
{
// access the DI container
var serviceProvider = services.BuildServiceProvider();
// Find the HttpContextAccessor service
var httpContextAccessor = serviceProvider.GetService <IHttpContextAccessor>();
// Get the bearer token from the request context (header)
string bearerToken = null;
bearerToken = httpContextAccessor.HttpContext.Request
.Headers["Authorization"]
.FirstOrDefault(h => h.StartsWith("bearer ", StringComparison.InvariantCultureIgnoreCase));
// Add authorization if found
if (bearerToken != null)
{
client.DefaultRequestHeaders.Add("Authorization", bearerToken);
}
// Add origin header
if (corsSettings != null && corsSettings.AllowedOrigins.Length > 0)
{
client.DefaultRequestHeaders.Add("Origin", $"{httpContextAccessor.HttpContext.Request.Scheme}://{httpContextAccessor.HttpContext.Request.Host.Value}");
}
//Other Settings
client.BaseAddress = new Uri($"{settings.Authority}/");
client.DefaultRequestHeaders.Add("Accept", "application/x-www-form-urlencoded");
}
public void InstallServices(IServiceCollection services, IConfiguration configuration)
{
var authorizerSetting = new AuthorizerSetting();
configuration.GetSection("Authorizer").Bind(authorizerSetting);
if (!services.Any(x => x.ServiceType == typeof(AuthorizerSetting)))
{
services.AddSingleton(authorizerSetting);
}
var corsSetting = new CorsSetting();
configuration.GetSection(nameof(CorsSetting)).Bind(corsSetting);
if (!services.Any(x => x.ServiceType == typeof(CorsSetting)))
{
services.AddSingleton(corsSetting);
}
// http client services
services.AddHttpClient("authorizer", c =>
{
ConfigureAuthorizerHttpClient(services, c, authorizerSetting, corsSetting);
});
}
public void InstallServices(IServiceCollection services, IConfiguration configuration)
{
var corsSetting = new CorsSetting();
configuration.GetSection(nameof(CorsSetting)).Bind(corsSetting);
if (!services.Any(x => x.ServiceType == typeof(CorsSetting)))
{
services.AddSingleton(corsSetting);
}
services.AddCors(options =>
{
options.AddDefaultPolicy(
builder =>
{
builder.WithOrigins(corsSetting.AllowedOrigins)
.AllowAnyMethod()
.AllowAnyHeader();
});
});
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by using an asynchronous GET request.
/// </summary>
/// <param name="requester">The requester to use.</param>
/// <param name="url">The url that yields the path to the desired action.</param>
/// <param name="cors">The cross origin settings to use.</param>
/// <param name="origin">The origin of the page that requests the loading.</param>
/// <param name="defaultBehavior">The default behavior in case it is undefined.</param>
/// <param name="cancel">The token which can be used to cancel the request.</param>
/// <returns>The task which will eventually return the stream.</returns>
public static Task <IResponse> LoadWithCorsAsync(this IRequester requester, Url url, CorsSetting cors, String origin, OriginBehavior defaultBehavior, CancellationToken cancel)
{
//TODO
//http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
return(requester.RequestAsync(new DefaultRequest
{
Address = url,
Method = HttpMethod.Get
}, cancel));
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by using an asynchronous GET request.
/// </summary>
/// <param name="requester">The requester to use.</param>
/// <param name="url">The url that yields the path to the desired action.</param>
/// <param name="cors">The cross origin settings to use.</param>
/// <param name="origin">The origin of the page that requests the loading.</param>
/// <param name="defaultBehavior">The default behavior in case it is undefined.</param>
/// <returns>The task which will eventually return the stream.</returns>
public static Task <IResponse> LoadWithCorsAsync(this IRequester requester, Url url, CorsSetting cors, String origin, OriginBehavior defaultBehavior)
{
return(requester.LoadWithCorsAsync(url, cors, origin, defaultBehavior, CancellationToken.None));
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="request">The request to issue.</param>
/// <param name="setting">The cross origin settings to use.</param>
/// <param name="behavior">
/// The default behavior in case it is undefined.
/// </param>
/// <param name="cancel">
/// The token which can be used to cancel the request.
/// </param>
/// <returns>
/// The task which will eventually return the stream.
/// </returns>
public static async Task<IResponse> FetchWithCorsAsync(this IResourceLoader loader, ResourceRequest request, CorsSetting setting, OriginBehavior behavior, CancellationToken cancel)
{
if (loader == null)
return null;
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == KnownProtocols.Data || url.Href == "about:blank")
{
while (true)
{
var data = new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
};
var result = await loader.LoadAsync(data, cancel).ConfigureAwait(false);
if (result.StatusCode == HttpStatusCode.Redirect ||
result.StatusCode == HttpStatusCode.RedirectKeepVerb ||
result.StatusCode == HttpStatusCode.RedirectMethod ||
result.StatusCode == HttpStatusCode.TemporaryRedirect ||
result.StatusCode == HttpStatusCode.MovedPermanently ||
result.StatusCode == HttpStatusCode.MultipleChoices)
{
url = new Url(result.Headers.GetOrDefault(HeaderNames.Location, url.Href));
if (request.Origin == url.Origin)
{
request = new ResourceRequest(request.Source, url)
{
IsCookieBlocked = request.IsCookieBlocked,
IsSameOriginForced = request.IsSameOriginForced,
Origin = request.Origin
};
return await loader.FetchWithCorsAsync(request, setting, behavior, cancel).ConfigureAwait(false);
}
}
else
{
return result;
}
}
}
if (setting == CorsSetting.None)
{
if (behavior == OriginBehavior.Taint)
await loader.LoadAsync(request, cancel).ConfigureAwait(false);
}
if (setting == CorsSetting.Anonymous)
request.IsCredentialOmitted = true;
if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
var result = await loader.FetchAsync(request, cancel).ConfigureAwait(false);
//TODO If CORS cross-origin request is success
if (result != null && result.StatusCode == HttpStatusCode.OK)
return result;
}
throw new DomException(DomError.Network);
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="request">The request to issue.</param>
/// <param name="setting">The cross origin settings to use.</param>
/// <param name="behavior">
/// The default behavior in case it is undefined.
/// </param>
/// <param name="cancel">
/// The token which can be used to cancel the request.
/// </param>
/// <returns>
/// The task which will eventually return the stream.
/// </returns>
public static async Task <IResponse> FetchWithCorsAsync(this IResourceLoader loader, ResourceRequest request, CorsSetting setting, OriginBehavior behavior, CancellationToken cancel)
{
if (loader == null)
{
return(null);
}
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == KnownProtocols.Data || url.Href == "about:blank")
{
while (true)
{
var data = new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
};
var result = await loader.LoadAsync(data, cancel).ConfigureAwait(false);
if (result.StatusCode == HttpStatusCode.Redirect ||
result.StatusCode == HttpStatusCode.RedirectKeepVerb ||
result.StatusCode == HttpStatusCode.RedirectMethod ||
result.StatusCode == HttpStatusCode.TemporaryRedirect ||
result.StatusCode == HttpStatusCode.MovedPermanently ||
result.StatusCode == HttpStatusCode.MultipleChoices)
{
url = new Url(result.Headers.GetOrDefault(HeaderNames.Location, url.Href));
if (request.Origin == url.Origin)
{
request = new ResourceRequest(request.Source, url)
{
IsCookieBlocked = request.IsCookieBlocked,
IsSameOriginForced = request.IsSameOriginForced,
Origin = request.Origin
};
return(await loader.FetchWithCorsAsync(request, setting, behavior, cancel).ConfigureAwait(false));
}
}
else
{
return(result);
}
}
}
else if (setting == CorsSetting.None)
{
if (behavior == OriginBehavior.Fail)
{
throw new DomException(DomError.Network);
}
return(await loader.LoadAsync(request, cancel).ConfigureAwait(false));
}
else if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
request.IsCredentialOmitted = setting == CorsSetting.Anonymous;
var result = await loader.FetchAsync(request, cancel).ConfigureAwait(false);
if (result != null && result.StatusCode == HttpStatusCode.OK)
{
return(result);
}
else if (result != null)
{
result.Dispose();
}
}
throw new DomException(DomError.Network);
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="request">The request to issue.</param>
/// <param name="setting">The cross origin settings to use.</param>
/// <param name="behavior">
/// The default behavior in case it is undefined.
/// </param>
/// <returns>
/// The task which will eventually return the stream.
/// </returns>
public static async Task <IResponse> FetchWithCorsAsync(this IResourceLoader loader, ResourceRequest request, CorsSetting setting, OriginBehavior behavior)
{
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == ProtocolNames.Data || url.Href == "about:blank")
{
while (true)
{
var data = new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
};
var result = await loader.DownloadAsync(data).Task.ConfigureAwait(false);
if (result.IsRedirected())
{
url = new Url(result.Headers.GetOrDefault(HeaderNames.Location, url.Href));
if (request.Origin.Is(url.Origin))
{
request = new ResourceRequest(request.Source, url)
{
IsCookieBlocked = request.IsCookieBlocked,
IsSameOriginForced = request.IsSameOriginForced,
Origin = request.Origin
};
return(await loader.FetchWithCorsAsync(request, setting, behavior).ConfigureAwait(false));
}
}
else
{
return(result);
}
}
}
else if (setting == CorsSetting.None)
{
if (behavior == OriginBehavior.Fail)
{
throw new DomException(DomError.Network);
}
return(await loader.DownloadAsync(request).Task.ConfigureAwait(false));
}
else if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
request.IsCredentialOmitted = setting == CorsSetting.Anonymous;
var result = await loader.FetchAsync(request).ConfigureAwait(false);
if (result != null && result.StatusCode == HttpStatusCode.OK)
{
return(result);
}
else if (result != null)
{
result.Dispose();
}
}
throw new DomException(DomError.Network);
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="request">The request to issue.</param>
/// <param name="setting">The cross origin settings to use.</param>
/// <param name="behavior">
/// The default behavior in case it is undefined.
/// </param>
/// <returns>
/// The task which will eventually return the stream.
/// </returns>
public static async Task<IResponse> FetchWithCorsAsync(this IResourceLoader loader, ResourceRequest request, CorsSetting setting, OriginBehavior behavior)
{
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == ProtocolNames.Data || url.Href == "about:blank")
{
while (true)
{
var data = new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
};
var result = await loader.DownloadAsync(data).Task.ConfigureAwait(false);
if (result.IsRedirected())
{
url = new Url(result.Headers.GetOrDefault(HeaderNames.Location, url.Href));
if (request.Origin.Is(url.Origin))
{
request = new ResourceRequest(request.Source, url)
{
IsCookieBlocked = request.IsCookieBlocked,
IsSameOriginForced = request.IsSameOriginForced,
Origin = request.Origin
};
return await loader.FetchWithCorsAsync(request, setting, behavior).ConfigureAwait(false);
}
}
else
{
return result;
}
}
}
else if (setting == CorsSetting.None)
{
if (behavior == OriginBehavior.Fail)
{
throw new DomException(DomError.Network);
}
return await loader.DownloadAsync(request).Task.ConfigureAwait(false);
}
else if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
request.IsCredentialOmitted = setting == CorsSetting.Anonymous;
var result = await loader.FetchAsync(request).ConfigureAwait(false);
if (result != null && result.StatusCode == HttpStatusCode.OK)
{
return result;
}
else if (result != null)
{
result.Dispose();
}
}
throw new DomException(DomError.Network);
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by using an asynchronous GET request.
/// </summary>
/// <param name="configuration">The configuration to use.</param>
/// <param name="url">The url that yields the path to the desired action.</param>
/// <param name="cors">The cross origin settings to use.</param>
/// <param name="origin">The origin of the page that requests the loading.</param>
/// <param name="defaultBehavior">The default behavior in case it is undefined.</param>
/// <returns>The task which will eventually return the stream.</returns>
public static Task<Stream> LoadWithCorsAsync(this IConfiguration configuration, Url url, CorsSetting cors, String origin, OriginBehavior defaultBehavior)
{
return configuration.LoadWithCorsAsync(url, cors, origin, defaultBehavior, CancellationToken.None);
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by using an asynchronous GET request.
/// </summary>
/// <param name="configuration">The configuration to use.</param>
/// <param name="url">The url that yields the path to the desired action.</param>
/// <param name="cors">The cross origin settings to use.</param>
/// <param name="origin">The origin of the page that requests the loading.</param>
/// <param name="defaultBehavior">The default behavior in case it is undefined.</param>
/// <param name="cancel">The token which can be used to cancel the request.</param>
/// <returns>The task which will eventually return the stream.</returns>
public static async Task<Stream> LoadWithCorsAsync(this IConfiguration configuration, Url url, CorsSetting cors, String origin, OriginBehavior defaultBehavior, CancellationToken cancel)
{
if (!configuration.AllowRequests)
return Stream.Null;
var requester = configuration.GetRequester();
if (requester == null)
throw new NullReferenceException("No HTTP requester has been set up in the configuration.");
var request = configuration.CreateRequest();
if (request == null)
throw new NullReferenceException("Unable to create instance of IRequest. Try changing the provided configuration.");
request.Address = url;
request.Method = HttpMethod.Get;
//TODO
//http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
var response = await requester.RequestAsync(request, cancel);
return response.Content;
}
static IDownload FetchWithCors(this IResourceLoader loader, ResourceRequest request, CorsSetting setting)
{
request.IsCredentialOmitted = setting == CorsSetting.Anonymous;
var download = loader.DownloadAsync(request);
return(download.Wrap(response =>
{
if (response != null && response.StatusCode == HttpStatusCode.OK)
{
return download;
}
else if (response != null)
{
response.Dispose();
}
throw new DomException(DomError.Network);
}));
}
static IDownload FetchWithCors(this IResourceLoader loader, Url url, ResourceRequest request, CorsSetting setting, OriginBehavior behavior)
{
var download = loader.DownloadAsync(new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
});
return(download.Wrap(response =>
{
if (response.IsRedirected())
{
url.Href = response.Headers.GetOrDefault(HeaderNames.Location, url.Href);
if (request.Origin.Is(url.Origin))
{
return loader.FetchWithCors(new ResourceRequest(request.Source, url)
{
IsCookieBlocked = request.IsCookieBlocked,
IsSameOriginForced = request.IsSameOriginForced,
Origin = request.Origin
}, setting, behavior);
}
return loader.FetchWithCors(url, request, setting, behavior);
}
else
{
return download;
}
}));
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="request">The request to issue.</param>
/// <param name="setting">The cross origin settings to use.</param>
/// <param name="behavior">
/// The default behavior in case it is undefined.
/// </param>
/// <returns>
/// The task that will eventually give the resource's response data.
/// </returns>
public static IDownload FetchWithCors(this IResourceLoader loader, ResourceRequest request, CorsSetting setting, OriginBehavior behavior)
{
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == ProtocolNames.Data || url.Href == "about:blank")
{
return(loader.FetchWithCors(url, request, setting, behavior));
}
else if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
return(loader.FetchWithCors(request, setting));
}
else if (setting == CorsSetting.None)
{
return(loader.FetchWithoutCors(request, behavior));
}
throw new DomException(DomError.Network);
}
