public void GetCorsPolicyProvider_NullRequest_Throws() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); Assert.ThrowsArgumentNull(() => providerFactory.GetCorsPolicyProvider(null), "request"); }
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object; providerFactory.DefaultPolicyProvider = mockProvider; HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.Same(mockProvider, provider); }
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(); Func <string> action = new SampleController().Get; HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor { ControllerName = "Sample", ControllerType = typeof(SampleController) }; request.SetActionDescriptor( new ReflectedHttpActionDescriptor { MethodInfo = action.Method, ControllerDescriptor = controllerDescriptor } ); request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.NotNull(policyProvider); Assert.IsType <EnableCorsAttribute>(policyProvider); }
public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); // No HttpConfiguration set on the request. HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); HttpConfiguration config = new HttpConfiguration(); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); Assert.Throws <InvalidOperationException>( () => providerFactory.GetCorsPolicyProvider(request), "The request does not have an associated configuration object." ); }
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider( string httpMethod, string path, Type expectedProviderType ) { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" + path ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.IsType(expectedProviderType, provider); }
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection() { // Arrange AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST"); HttpConfiguration config = new HttpConfiguration(); HttpControllerContext controllerContext = null; var actionSelector = new Mock<IHttpActionSelector>(); actionSelector.Setup(s => s.SelectAction(It.IsAny<HttpControllerContext>())) .Callback<HttpControllerContext>(context => { Assert.False(((SampleController)context.Controller).Disposed); controllerContext = context; }); config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); // Assert Assert.True(((SampleController)controllerContext.Controller).Disposed); }
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection() { // Arrange AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST"); HttpConfiguration config = new HttpConfiguration(); HttpControllerContext controllerContext = null; var actionSelector = new Mock <IHttpActionSelector>(); actionSelector.Setup(s => s.SelectAction(It.IsAny <HttpControllerContext>())) .Callback <HttpControllerContext>(context => { Assert.False(((SampleController)context.Controller).Disposed); controllerContext = context; }); config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.SetRouteData(route.GetRouteData("/", request)); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); // Assert Assert.True(((SampleController)controllerContext.Controller).Disposed); }
public static void Register(HttpConfiguration config) { config.EnableCors(); // Web API routes config.EnableSystemDiagnosticsTracing().IsVerbose = true; config.MapHttpAttributeRoutes(); var defaultPolicyProvider = new EnableCorsAttribute("*", "*", "*"); defaultPolicyProvider.SupportsCredentials = true; //important if you are sending cookies AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory(); policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider; config.SetCorsPolicyProviderFactory(policyProviderFactory); config.Routes.MapHttpRoute( name: "BatchApi", routeTemplate: "api/batch", defaults: null, constraints: null, handler: new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer)); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional }, constraints: null, handler: new CorsMessageHandler(config) { InnerHandler = new HttpControllerDispatcher(config) } ); }
public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); IHttpRoute route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData(route.GetRouteData("/", request)); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.Throws <HttpResponseException>( () => providerFactory.GetCorsPolicyProvider(request) ); }
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/percontrollerconfig" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider); string origin = Assert.Single(enableCorsAttribute.Origins); Assert.Equal("http://example.com", origin); }
public void GetCorsPolicyProvider_Preflight_NoRouteData_ReturnsNull() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); // No RouteData set on the request. HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); var provider = providerFactory.GetCorsPolicyProvider(request); Assert.Null(provider); }
public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); // No RouteData set on the request. HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); HttpConfiguration config = new HttpConfiguration(); request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config; Assert.Throws<InvalidOperationException>(() => providerFactory.GetCorsPolicyProvider(request), "No route data was found for this request."); }
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(string httpMethod, string path, Type expectedProviderType) { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample" + path); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod); HttpConfiguration config = new HttpConfiguration(); request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config; IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.IsType(expectedProviderType, provider); }
public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); // No HttpConfiguration set on the request. HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); HttpConfiguration config = new HttpConfiguration(); IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request); Assert.Throws<InvalidOperationException>(() => providerFactory.GetCorsPolicyProvider(request), "The request does not have an associated configuration object."); }
/// <summary> /// Enables the support for CORS. /// </summary> /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param> /// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param> /// <exception cref="System.ArgumentNullException">httpConfiguration</exception> public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider) { if (httpConfiguration == null) { throw new ArgumentNullException("httpConfiguration"); } if (defaultPolicyProvider != null) { AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory(); policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider; httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory); } AddCorsMessageHandler(httpConfiguration); }
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(); Func <string> action = new SampleController().Post; request.SetActionDescriptor(new ReflectedHttpActionDescriptor { MethodInfo = action.Method }); request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.NotNull(policyProvider); Assert.IsType(typeof(DisableCorsAttribute), policyProvider); }
public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); // No RouteData set on the request. HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); HttpConfiguration config = new HttpConfiguration(); request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config; Assert.Throws <InvalidOperationException>(() => providerFactory.GetCorsPolicyProvider(request), "No route data was found for this request."); }
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object; providerFactory.DefaultPolicyProvider = mockProvider; HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpConfiguration config = new HttpConfiguration(); request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config; IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.Same(mockProvider, provider); }
public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider() { ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object; AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); providerFactory.DefaultPolicyProvider = mockProvider; HttpRequestMessage request = new HttpRequestMessage(); Func <string> action = new DefaultController().Get; request.SetActionDescriptor(new ReflectedHttpActionDescriptor { MethodInfo = action.Method }); request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.Same(mockProvider, policyProvider); }
public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage( HttpMethod.Options, "http://localhost/sample" ); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); var route = config.Routes.MapHttpRoute( "default", "{controller}/{id}", new { id = RouteParameter.Optional } ); request.SetRouteData( new HttpRouteData( route, new HttpRouteValueDictionary( new { action = "Options", controller = "sample", id = 2 } ) ) ); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider); Assert.Equal(2, enableCorsAttribute.Origins.Count()); Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]); Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]); }
public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpConfiguration config = new HttpConfiguration(); request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config; IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request); Assert.True(request.GetCorsRequestContext().IsPreflight); Assert.Throws<HttpResponseException>(() => providerFactory.GetCorsPolicyProvider(request)); }
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(); Func<string> action = new SampleController().Get; HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor { ControllerName = "Sample", ControllerType = typeof(SampleController) }; request.SetActionDescriptor(new ReflectedHttpActionDescriptor { MethodInfo = action.Method, ControllerDescriptor = controllerDescriptor }); request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.NotNull(policyProvider); Assert.IsType(typeof(EnableCorsAttribute), policyProvider); }
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/percontrollerconfig"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider); Assert.Equal(1, enableCorsAttribute.Origins.Count()); Assert.Equal("http://example.com", enableCorsAttribute.Origins.First()); }
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(); Func<string> action = new SampleController().Post; request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor { MethodInfo = action.Method }; request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.NotNull(policyProvider); Assert.IsType(typeof(DisableCorsAttribute), policyProvider); }
public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest() { AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.Headers.Add("Origin", "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put"); HttpConfiguration config = new HttpConfiguration(); request.SetConfiguration(config); var route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional }); request.SetRouteData(new HttpRouteData(route, new HttpRouteValueDictionary(new { action = "Options", controller = "sample", id = 2 }))); ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request); Assert.True(request.GetCorsRequestContext().IsPreflight); EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider); Assert.Equal(2, enableCorsAttribute.Origins.Count()); Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]); Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]); }
public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider() { ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object; AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory(); providerFactory.DefaultPolicyProvider = mockProvider; HttpRequestMessage request = new HttpRequestMessage(); Func<string> action = new DefaultController().Get; request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor { MethodInfo = action.Method }; request.Headers.Add("Origin", "http://example.com"); ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request); Assert.Same(mockProvider, policyProvider); }