From df668017eebf98f8d724177d220712c0e6218114 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Fri, 9 Nov 2018 15:29:00 -0800
Subject: [PATCH 1/4] Add HTTPS tests for node/browser tests (#3283)

---
 build/dependencies.props                      |  96 +++++++++---------
 clients/ts/FunctionalTests/Program.cs         |  40 +++++++-
 .../scripts/karma.local.conf.js               |   3 +-
 .../ts/FunctionalTests/scripts/run-tests.ts   |  40 +++++---
 clients/ts/FunctionalTests/testCert.pfx       | Bin 0 -> 2483 bytes
 clients/ts/FunctionalTests/testCertECC.pfx    | Bin 0 -> 1403 bytes
 clients/ts/FunctionalTests/ts/Common.ts       |  16 ++-
 .../FunctionalTests/ts/HubConnectionTests.ts  |  32 +++++-
 8 files changed, 158 insertions(+), 69 deletions(-)
 create mode 100644 clients/ts/FunctionalTests/testCert.pfx
 create mode 100644 clients/ts/FunctionalTests/testCertECC.pfx

diff --git a/build/dependencies.props b/build/dependencies.props
index 1dd1f2c38f..361fce7a5f 100644
--- a/build/dependencies.props
+++ b/build/dependencies.props
@@ -5,58 +5,58 @@
   <PropertyGroup Label="Package Versions">
     <BenchmarkDotNetPackageVersion>0.10.13</BenchmarkDotNetPackageVersion>
     <GoogleProtobufPackageVersion>3.1.0</GoogleProtobufPackageVersion>
-    <InternalAspNetCoreAnalyzersPackageVersion>2.2.0-rtm-35532</InternalAspNetCoreAnalyzersPackageVersion>
+    <InternalAspNetCoreAnalyzersPackageVersion>2.2.0-rtm-181106-13</InternalAspNetCoreAnalyzersPackageVersion>
     <InternalAspNetCoreSdkPackageVersion>2.2.0-preview2-20181011.2</InternalAspNetCoreSdkPackageVersion>
     <MessagePackPackageVersion>1.7.3.4</MessagePackPackageVersion>
-    <MicrosoftAspNetCoreAllPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAllPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>
-    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
-    <MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>
-    <MicrosoftAspNetCoreAuthorizationPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAuthorizationPackageVersion>
-    <MicrosoftAspNetCoreAuthorizationPolicyPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreAuthorizationPolicyPackageVersion>
-    <MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
-    <MicrosoftAspNetCoreConnectionsAbstractionsPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreConnectionsAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreAllPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAllPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAuthenticationCookiesPackageVersion>
+    <MicrosoftAspNetCoreAuthenticationCorePackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAuthenticationCorePackageVersion>
+    <MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion>
+    <MicrosoftAspNetCoreAuthorizationPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAuthorizationPackageVersion>
+    <MicrosoftAspNetCoreAuthorizationPolicyPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreAuthorizationPolicyPackageVersion>
+    <MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
+    <MicrosoftAspNetCoreConnectionsAbstractionsPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreConnectionsAbstractionsPackageVersion>
     <MicrosoftAspNetCoreCorsPackageVersion>2.2.0-preview3-35457</MicrosoftAspNetCoreCorsPackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>
-    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreDiagnosticsPackageVersion>
-    <MicrosoftAspNetCoreHostingAbstractionsPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreHostingAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreHostingPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreHostingPackageVersion>
-    <MicrosoftAspNetCoreHttpAbstractionsPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreHttpAbstractionsPackageVersion>
-    <MicrosoftAspNetCoreHttpFeaturesPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreHttpFeaturesPackageVersion>
-    <MicrosoftAspNetCoreHttpPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreHttpPackageVersion>
-    <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
-    <MicrosoftAspNetCoreMvcPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreMvcPackageVersion>
-    <MicrosoftAspNetCoreRoutingPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreRoutingPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftAspNetCoreTestingPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreTestingPackageVersion>
-    <MicrosoftAspNetCoreWebSocketsPackageVersion>2.2.0-rtm-35532</MicrosoftAspNetCoreWebSocketsPackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreDiagnosticsEntityFrameworkCorePackageVersion>
+    <MicrosoftAspNetCoreDiagnosticsPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreDiagnosticsPackageVersion>
+    <MicrosoftAspNetCoreHostingAbstractionsPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreHostingAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreHostingPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreHostingPackageVersion>
+    <MicrosoftAspNetCoreHttpAbstractionsPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreHttpAbstractionsPackageVersion>
+    <MicrosoftAspNetCoreHttpFeaturesPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreHttpFeaturesPackageVersion>
+    <MicrosoftAspNetCoreHttpPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreHttpPackageVersion>
+    <MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreIdentityEntityFrameworkCorePackageVersion>
+    <MicrosoftAspNetCoreMvcPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreMvcPackageVersion>
+    <MicrosoftAspNetCoreRoutingPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreRoutingPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftAspNetCoreTestingPackageVersion>2.2.0-rtm-181106-13</MicrosoftAspNetCoreTestingPackageVersion>
+    <MicrosoftAspNetCoreWebSocketsPackageVersion>2.2.0-rtm-35661</MicrosoftAspNetCoreWebSocketsPackageVersion>
     <MicrosoftCSharpPackageVersion>4.5.0</MicrosoftCSharpPackageVersion>
-    <MicrosoftEntityFrameworkCoreDesignPackageVersion>2.2.0-rtm-35532</MicrosoftEntityFrameworkCoreDesignPackageVersion>
-    <MicrosoftEntityFrameworkCoreSqlServerPackageVersion>2.2.0-rtm-35532</MicrosoftEntityFrameworkCoreSqlServerPackageVersion>
-    <MicrosoftEntityFrameworkCoreToolsPackageVersion>2.2.0-rtm-35532</MicrosoftEntityFrameworkCoreToolsPackageVersion>
-    <MicrosoftExtensionsBuffersTestingSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsBuffersTestingSourcesPackageVersion>
-    <MicrosoftExtensionsClosedGenericMatcherSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsClosedGenericMatcherSourcesPackageVersion>
-    <MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>
-    <MicrosoftExtensionsConfigurationCommandLinePackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsConfigurationCommandLinePackageVersion>
-    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
-    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsDependencyInjectionPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConfigurationPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingConfigurationPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingDebugPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingDebugPackageVersion>
-    <MicrosoftExtensionsLoggingPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingPackageVersion>
-    <MicrosoftExtensionsLoggingTestingPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsLoggingTestingPackageVersion>
-    <MicrosoftExtensionsObjectMethodExecutorSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsObjectMethodExecutorSourcesPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
-    <MicrosoftExtensionsValueStopwatchSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsValueStopwatchSourcesPackageVersion>
-    <MicrosoftExtensionsWebEncodersSourcesPackageVersion>2.2.0-rtm-35532</MicrosoftExtensionsWebEncodersSourcesPackageVersion>
-    <MicrosoftNETCoreApp22PackageVersion>2.2.0-preview3-27014-02</MicrosoftNETCoreApp22PackageVersion>
+    <MicrosoftEntityFrameworkCoreDesignPackageVersion>2.2.0-rtm-35661</MicrosoftEntityFrameworkCoreDesignPackageVersion>
+    <MicrosoftEntityFrameworkCoreSqlServerPackageVersion>2.2.0-rtm-35661</MicrosoftEntityFrameworkCoreSqlServerPackageVersion>
+    <MicrosoftEntityFrameworkCoreToolsPackageVersion>2.2.0-rtm-35661</MicrosoftEntityFrameworkCoreToolsPackageVersion>
+    <MicrosoftExtensionsBuffersTestingSourcesPackageVersion>2.2.0-rtm-35661</MicrosoftExtensionsBuffersTestingSourcesPackageVersion>
+    <MicrosoftExtensionsClosedGenericMatcherSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsClosedGenericMatcherSourcesPackageVersion>
+    <MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsCommandLineUtilsSourcesPackageVersion>
+    <MicrosoftExtensionsConfigurationCommandLinePackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsConfigurationCommandLinePackageVersion>
+    <MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsConfigurationEnvironmentVariablesPackageVersion>
+    <MicrosoftExtensionsConfigurationUserSecretsPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsConfigurationUserSecretsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsDependencyInjectionPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConfigurationPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingConfigurationPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingDebugPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingDebugPackageVersion>
+    <MicrosoftExtensionsLoggingPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingPackageVersion>
+    <MicrosoftExtensionsLoggingTestingPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsLoggingTestingPackageVersion>
+    <MicrosoftExtensionsObjectMethodExecutorSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsObjectMethodExecutorSourcesPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftExtensionsSecurityHelperSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsSecurityHelperSourcesPackageVersion>
+    <MicrosoftExtensionsValueStopwatchSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsValueStopwatchSourcesPackageVersion>
+    <MicrosoftExtensionsWebEncodersSourcesPackageVersion>2.2.0-rtm-181106-13</MicrosoftExtensionsWebEncodersSourcesPackageVersion>
+    <MicrosoftNETCoreApp22PackageVersion>2.2.0-rtm-27105-02</MicrosoftNETCoreApp22PackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MoqPackageVersion>4.10.0</MoqPackageVersion>
     <NETStandardLibrary20PackageVersion>2.0.3</NETStandardLibrary20PackageVersion>
diff --git a/clients/ts/FunctionalTests/Program.cs b/clients/ts/FunctionalTests/Program.cs
index 0a95291396..a762f99e55 100644
--- a/clients/ts/FunctionalTests/Program.cs
+++ b/clients/ts/FunctionalTests/Program.cs
@@ -3,8 +3,11 @@
 
 using System;
 using System.IO;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Logging;
+using Microsoft.Win32;
 
 namespace FunctionalTests
 {
@@ -31,7 +34,42 @@ namespace FunctionalTests
                     factory.AddDebug();
                     factory.SetMinimumLevel(LogLevel.Information);
                 })
-                .UseKestrel()
+                .UseKestrel((builderContext, options) =>
+                {
+                    options.ConfigureHttpsDefaults(httpsOptions =>
+                    {
+                        bool useRSA = false;
+                        if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+                        {
+                            // Detect Win10+
+                            var key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion");
+                            var major = key.GetValue("CurrentMajorVersionNumber") as int?;
+                            var minor = key.GetValue("CurrentMinorVersionNumber") as int?;
+
+                            if (major.HasValue && minor.HasValue)
+                            {
+                                useRSA = true;
+                            }
+                        }
+                        else
+                        {
+                            useRSA = true;
+                        }
+
+                        if (useRSA)
+                        {
+                            // RSA cert, won't work on Windows 8.1 & Windows 2012 R2 using HTTP2, and ECC won't work in some Node environments
+                            var certPath = Path.Combine(Directory.GetCurrentDirectory(), "testCert.pfx");
+                            httpsOptions.ServerCertificate = new X509Certificate2(certPath, "testPassword");
+                        }
+                        else
+                        {
+                            // ECC cert, works on Windows 8.1 & Windows 2012 R2 using HTTP2
+                            var certPath = Path.Combine(Directory.GetCurrentDirectory(), "testCertECC.pfx");
+                            httpsOptions.ServerCertificate = new X509Certificate2(certPath, "testPassword");
+                        }
+                    });
+                })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseIISIntegration()
                 .UseStartup<Startup>();
diff --git a/clients/ts/FunctionalTests/scripts/karma.local.conf.js b/clients/ts/FunctionalTests/scripts/karma.local.conf.js
index 3c127435b9..fdcb9b779b 100644
--- a/clients/ts/FunctionalTests/scripts/karma.local.conf.js
+++ b/clients/ts/FunctionalTests/scripts/karma.local.conf.js
@@ -57,8 +57,9 @@ try {
         ChromeHeadlessNoSandbox: {
           base: 'ChromeHeadless',
 
+          // Ignore cert errors to allow our test cert to work (NEVER do this outside of testing)
           // ChromeHeadless runs about 10x slower on Windows 7 machines without the --proxy switches below. Why? ¯\_(ツ)_/¯
-          flags: ["--no-sandbox", "--proxy-server='direct://'", "--proxy-bypass-list=*"]
+          flags: ["--no-sandbox", "--proxy-server='direct://'", "--proxy-bypass-list=*", "--allow-insecure-localhost", "--ignore-certificate-errors"]
         }
       },
     });
diff --git a/clients/ts/FunctionalTests/scripts/run-tests.ts b/clients/ts/FunctionalTests/scripts/run-tests.ts
index 3fcda8945a..7dd600eded 100644
--- a/clients/ts/FunctionalTests/scripts/run-tests.ts
+++ b/clients/ts/FunctionalTests/scripts/run-tests.ts
@@ -33,11 +33,12 @@ setTimeout(() => {
     process.exit(1);
 }, 1000 * 60 * 10);
 
-function waitForMatch(command: string, process: ChildProcess, regex: RegExp): Promise<RegExpMatchArray> {
-    return new Promise<RegExpMatchArray>((resolve, reject) => {
+function waitForMatches(command: string, process: ChildProcess, regex: RegExp, matchCount: number): Promise<RegExpMatchArray> {
+    return new Promise<string[]>((resolve, reject) => {
         const commandDebug = _debug(`${command}`);
         try {
             let lastLine = "";
+            let results: string[] = null;
 
             async function onData(this: Readable, chunk: string | Buffer): Promise<void> {
                 try {
@@ -50,15 +51,23 @@ function waitForMatch(command: string, process: ChildProcess, regex: RegExp): Pr
                         lastLine = "";
 
                         chunk = chunk.substring(lineEnd + EOL.length);
+                        const res = regex.exec(chunkLine);
+                        if (results == null && res != null) {
+                            results = res;
+                        } else if (res != null) {
+                            results = Array<string>().concat(results, res);
+                        }
 
-                        const results = regex.exec(chunkLine);
-                        commandDebug(chunkLine);
-                        if (results && results.length > 0) {
+                        // * 2 because each match will have the original line plus the match
+                        if (results && results.length >= matchCount * 2) {
                             resolve(results);
                             return;
                         }
+
+                        commandDebug(chunkLine);
                         lineEnd = chunk.indexOf(EOL);
                     }
+
                     lastLine = chunk.toString();
                 } catch (e) {
                     this.removeAllListeners("data");
@@ -158,15 +167,17 @@ function runKarma(karmaConfig) {
     });
 }
 
-function runJest(url: string) {
+function runJest(httpsUrl: string, httpUrl: string) {
     const jestPath = path.resolve(__dirname, "..", "..", "common", "node_modules", "jest", "bin", "jest.js");
     const configPath = path.resolve(__dirname, "..", "func.jest.config.js");
 
     console.log("Starting Node tests using Jest.");
     return new Promise<number>((resolve, reject) => {
         const logStream = fs.createWriteStream(path.resolve(__dirname, "..", "..", "..", "..", "artifacts", "logs", "node.functionaltests.log"));
-        const p = exec(`"${process.execPath}" "${jestPath}" --config "${configPath}"`, { env: { SERVER_URL: url }, timeout: 200000, maxBuffer: 10 * 1024 * 1024 },
+        // Use NODE_TLS_REJECT_UNAUTHORIZED to allow our test cert to be used by the Node tests (NEVER use this environment variable outside of testing)
+        const p = exec(`"${process.execPath}" "${jestPath}" --config "${configPath}"`, { env: { SERVER_URL: `${httpsUrl};${httpUrl}`, NODE_TLS_REJECT_UNAUTHORIZED: 0 }, timeout: 200000, maxBuffer: 10 * 1024 * 1024 },
             (error: any, stdout, stderr) => {
+                console.log("Finished Node tests.");
                 if (error) {
                     console.log(error.message);
                     return resolve(error.code);
@@ -183,7 +194,7 @@ function runJest(url: string) {
         const serverPath = path.resolve(__dirname, "..", "bin", configuration, "netcoreapp2.2", "FunctionalTests.dll");
 
         debug(`Launching Functional Test Server: ${serverPath}`);
-        let desiredServerUrl = "http://127.0.0.1:0";
+        let desiredServerUrl = "https://127.0.0.1:0;http://127.0.0.1:0";
 
         if (sauce) {
             // SauceLabs can only proxy certain ports for Edge and Safari.
@@ -212,11 +223,12 @@ function runJest(url: string) {
         process.on("exit", cleanup);
 
         debug("Waiting for Functional Test Server to start");
-        const matches = await waitForMatch("dotnet", dotnet, /Now listening on: (http:\/\/[^\/]+:[\d]+)/);
-        const url = matches[1];
-        debug(`Functional Test Server has started at ${url}`);
+        const matches = await waitForMatches("dotnet", dotnet, /Now listening on: (https?:\/\/[^\/]+:[\d]+)/, 2);
+        const httpsUrl = matches[1];
+        const httpUrl = matches[3];
+        debug(`Functional Test Server has started at ${httpsUrl} and ${httpUrl}`);
 
-        debug(`Using SignalR Server: ${url}`);
+        debug(`Using SignalR Server: ${httpsUrl} and ${httpUrl}`);
 
         // Start karma server
         const conf = {
@@ -238,9 +250,9 @@ function runJest(url: string) {
         }
 
         // Pass server URL to tests
-        conf.client.args = ["--server", url];
+        conf.client.args = ["--server", `${httpsUrl};${httpUrl}`];
 
-        const jestExit = await runJest(url);
+        const jestExit = await runJest(httpsUrl, httpUrl);
 
         // Check if we got any browsers
         let karmaExit;
diff --git a/clients/ts/FunctionalTests/testCert.pfx b/clients/ts/FunctionalTests/testCert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..7118908c2d730670c16e9f8b2c532a262c951989
GIT binary patch
literal 2483
zcmaKuc|27A8pqF>IWr86E&Q@(n=B)p$ug!;QVB6xij*z;uPLG!yCz#DQB)+9G$9m9
zQU)=DWXU?*EZIw<WSLy<>G!+0d++P@yZ4Xhoagg?p6B~|Ue7tN=Ny=UD?x#1n1MTq
z#c9MHh+D#gd|(a(cN}8i91v^=GcdgW3SmA$49p~gM-dys3jVWdg8+!iVL)pz1LDE5
zSb=|G<ZvN~KSQ!Q?rxD74~61uhZs=bU|nHHhtzT%{?4gfkgeydWXp04c*|$}bPuHR
zd9|7E;X!^&{+qu^YbHy7k@TeBncU!-)SA=Ul}%hyl>An(@R=(Ux!MfS9@}sFu-xDd
zIt2+mqSq$glwy_6UNs<2?(<xC6Ykp~$VcCkmP5a+xjNXHmeRsK)ipX={rj--0f&zM
z?&IF}F4EZs>qERU!gJ;5j}Pp&6trxG=wi)=@k(w2+fJVnc+qvXV<ox4QF~W&d~evJ
z3iC`kffp++kAB#EK7XV{bW*$WU0=;+0fW{64=vwMBJT_FCfH=KWfzgI8Z&3qHE&u<
zxK54EW)>zy(>Om4;L|^)R`t*3nTpAmEmTl(#i!RV#a0t#u6>Q9mY`-Nmcs7$XjXT7
zUmCD`O~_j7!%R#I?cG-7C^hcH)@l?WC1vyw$FFu_(r)jhOq6p}W8sG7NO{YTy8tG4
zrb$tTkag*G?(7lfoGx$4YWui>{{@}-FB2ub=}RX{1zx?j)s-##J9|G7E1@-;7Nuln
z9MQoX7FJ76+D#XXT@ZZmLZCufIdf3@OigG6m8I7!GT=7VD|>?6e!z9=eT}*E_tSn6
zl+clHCZ-kcIR#gen#LjMJW8>0QtViaQB#FhqsCb0YPYr3;jRITl@V9Aph24D?r2d`
zetCyyCg<*O-u+<Rbhx`bB1^AkxSlF$vc*%fKJ;7AI=3`O<;s^qmdb3}BGI&$Js>M&
zW^ptmT|}p$VAOZpmbQ1{5fK-6ytEvre#Po}6c2URn`viQAF2+e?Z~PK2&pd>7=7)I
zTCYm)@3PFRu_6a6Kb)IpCzQ%e3l%O#SDA+$Pq{Dk{HCqi7z>qd{nVpebffL7h{c4(
zmhXn~G+C27S3(IfC)q2KON=YwqHXEo%zc40DgWLzF{%RIdr@RcLu90qMSHf!Y<pL%
z?`-+`Lf@hK-X5CBDo4Vt!S$$%hHYZVV0F<AZ#BivPyD%i!?QT;&+m2KGwDUg87**H
zXF%UhGM9Ubo!RO<{9bSirORDYnprG=e7AC;kw}|?rf9o{>}JaqP<={8_Rfe;ddR5=
zKEo;^Yip&^m((#{czE{kUga3-@`*;&EwO}Jt>QdURP2P>ob^j-A!qld-0S_pm)kjs
zkNo48oZnMt){W~o8g^f;4#?lRLr-T@f}wH1o~-Iq=NEVtTVEZ`vrW~!>2yh%;Bc~H
zHl&OK>n@d`*e19*9#v>zZpU?I);f7}IPIfSSk#N|ujE492Itg)l!)TJ19@FE^x|p=
zH16NC7OfK&|6_!AnWfTIf^YPOa&`|nbk3VR0vql6&s@y1V3QOU%(`Re+<LyvjlGl=
zz-XC#DU8*S{O-EKR8yaqb4=CEFOh7zHA#>kJgrz?r9!{^wOQ4W-eng23gc}f(LxIs
zH_Ls~5izbjcRQH#WH6s6hR;zn>j_R8aJ$A)6xNneu8UI-vWV8Z@HZu&WwvG5q{1ZS
zdZeVf{Pv5-u281~y;aJe*x%Uv0@biMZ$vPbKj}O`(SOWQc~kJX<h@14F)xzPwd%>`
zXR&d4DtA<BD(%~qyw0eqH)lIt!?oSyKE5$1&k-?oPkRD4S4AZ*Pe$iwT=ROd+=PP%
zESC05u~-{k`p#ONyM4~AOJ0Zc0j87AzlAscT9-Hp5*C6$003b7e?xJSx%>e@2RH$^
z0os5*;0eIUeJi3Uh`A%44x(XzjClG8BO~-r_A}odiRuHo2-86#`mhrgN5p~<$RLY?
zq(kynfF<CIBn1F|Kp<jXz*#^6utlyv$!WkFQ6`8V0{A1$577b0QT~9>A5{v#p+EA1
z5aoe1763EQHorRm`C&ktKn(OQ1n)$Q{GZz&jRb`eDEMpl<0O#+)DMV(T7ns<Z!iNK
z%0Z(*6iQ_KvpbsE4Z<Z<xqFIoF8(7h4vQfQp;2-e02U{S!6I1nVF<kuNAq)cqxtv+
zo`vOq!;^Gj3P}&v+fIThj)>IzCG{QuM->B9g7Lrl2SE&gW`M!~(un|y0fIn=b^6_$
z9{zEzgYI~39xn0ZP*9qBL%fg7rg$ttt&TOmvfNNO<6FT0ZavM$Y4CYLQGIcIYv9Y&
zBGPUh&QTfW;V2!)oIra@s&d968y-y}Y|ww(R$GzWS*V&)k@W0>Slem{|HdTCjm;_5
zwY*A8W3nUbemE^_f0ng$tbd<`sr?TO-_&VCw+F#7P@LkIl$1PzTBoPY1b88EIO>UO
zP-NK7+g2yD3U6g3i|iA6+su>54sf_Sk0F=)1|9odnCM4u2<cEM&<eQiZ&rr2JL>Rs
z=&Y?-V&VquSN%3FJ2~ZGweP~iLs|w=l@9yu$tj@}Dp?e-2JUsqOoswdXb=E%&0te_
zA2M+{5Hf-dqD7=yw*r@A*xkn(1IS~nfP}k}e?4Bt|9g(eph4hFX_|S6nj1&Sz9z^=
zRw~<&-9d@FzTn6S*RVE{Wj5lgLJr9HLB8S9CgOm*>XA8*y<ryV+pXFUF4;|A*HjRC
zgT5a$Vz2i)_sBuvMuMu=@gHK(uiWQerS=@Lw3Cx?ZrDe67lZ6I32Wuy-xZvzX6i^E
z_bkug(lkQX7KLL=l3hF~c&{7zDn%2KHgZ01>4`JE;^s$=bqD#U4;e5C&x&ggKIAVL
zrQ)Yd8|{>7Z(6*B&7&4&9(*vDOfHMuR-Dk1IZia*XM^EZUD^{?cWG>J>KrtElc*{K
zaVl(7SN2cH4I6Q$bZOpJ8e5LKaG7p;?tJ~#+9QrTYU@f#5`Vo7cEX!szCT}iX-K^2
w#3o+<vGdszOTfH?mwL2vCR+>=C+lQz2J+SOEzVX(eJ)e7=eicC{rr9U2VGDcdH?_b

literal 0
HcmV?d00001

diff --git a/clients/ts/FunctionalTests/testCertECC.pfx b/clients/ts/FunctionalTests/testCertECC.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..888ccb032a97ac6d36afdf569ea5a7ddb15d1111
GIT binary patch
literal 1403
zcmXqLVl8K4WHxAGHD=?~YV&CO&dbQoxS)wug{6sA0VphE(8Tx`MT+qqOB3TOpzt#w
ze#FKN)y2cb$h4sGk3r*40~t0hm>|$-J{FGUht3{YZd@71#KeAqrSZm11(&cnPAfwl
zX1aFU|ILV<KBsZdPA=8ohMP0^yVXx-wH!|I`gzD}YOqsY_}TY6nJ;#0)E>KRdSQy-
z2e!P4PsNH>x|lM#?2tN^u!OtsfyA#vHJ9&i(-)s?)TWnwcKOj)d$0B8{MztM`n%q|
z{M9mBORWq;!#mbWatr7EcMEIZ*4a?}=x6n>tpRI(B{{?~YMHHDZ=^4pw$LMjck7I!
zzvaINOS^^Uruf~=&E8?7V|LlUW|HCQxevMbf3gl*&Zjy5$@e<X_-?71RWb(6Yn%3c
z{KXw8WEN>5b<eQzvVkx>tT;st*;rT@85kH0ViAHOh5>SZ3?&Sy47v;k43-Qj4CX-E
zj3J334JeYzV8UR^U<_oLFc>i;G9&|8mO$DVES3mlr2y5X0c9<L>WqN8QWz3J#%r@N
zvM@H83o?R@_hrZgYAs^OXD9~ZG@x|~48c%VIna<IphXG{-axVvEK>rMD*}qAgT({D
zI?I4&qyYIv22IT3aQCybEofrq01B}%F)|o5F(D@n%y|D%?IOCx)9)xK-W!^jE<{h@
zzRS8(=PhHipURGk)u%p0dmpSmyuxYW{=ZK;@@v;tW*6QvI&pvUzn#nCmEG+(*OaEY
zHxyaA$}FzmBM{?rk!9XSmC#1RXUU6B9DMJ%;BbQNIu(-%91(Bi1(NdJtYiL`@IGhA
zymKkomSs`&Uz4m!k3&o!JUAh?!Q<KGC9@yied6>#QD&0np^X~?&+OfDO}h40Y?O!j
zm+pF&LXT;0D;CUJ<EUNm*7VPggY~~|aHr00+k47xxk*=$|NrhCJR3W=CiC4o>{}3h
zV=+TtLHRF*V;_PYSBA>=_B;HRT5ZqPx~O3B#ecWfUQ`N+{<vhl&FsL}iEpRh+i8>Z
zHz=;g;q`anh}wB4zjfZ3E4-jitMBI#j_b+4d0NjkdpS5x{qcHna;er`w{2xzHP5Zr
zD&3qSZl%|@=-sy&?CeTA)jc}0p9EZ5|Fin<Ly!J{qIS#gE?X7Oa6-!`$ajVOhVw}W
zyVgn0Je{wn9#wNzC+}rV{cD|HVU^BjRxi05wxqaoZm{K#S@m7}#Fl;H?yc&!JIgBQ
zZo}YRJTqHf)-XW(MTNqKh0Biq`Sn+*d*$J(z+%y(BB%D(WxX>@5x#gvcCPO70Noeu
z@wbEw&a=P1_dH|K#j4X&B#)n*m$*J9S&DJz`WYV`w#1pbC5ZgotXi%3+&@ji$iH2g
zv4S=Abj$Qi?LQ|je3Ll1)vhhMB<0@21zEE$lmu>lRDDD5pW^)NA7`h3_PLk6;-sH%
zm%OvjeamWTnc45;N{<w33P<ZQt<`uecj(WtozLIDJ`{a&!;L`eNp5Y0Z?5#4aSJ5e
zty`>7w|~ZryW7oH-#!yqnq&3MUig`wfZD<C-NkYRWv&sr{ZZf5?fd>sXX`GjNc&tH
zTox#|;gN~NB(75l+b115bTNbVf=qjk$Bf-)P0FshsX8@Gx+^DLdwhjTxV_?1HaFF6
zk|m#OWi>>ab5q>se9O>3d-2GAkLS@>eRgCh7+4#~8?dvnYV$EONwJ8uv-NfrpVt4B
r?jsp}XX2cX|BhL`WD&_^IHf-$@%m29k1q?q&7B#jKP_$tC_?}MhAKx!

literal 0
HcmV?d00001

diff --git a/clients/ts/FunctionalTests/ts/Common.ts b/clients/ts/FunctionalTests/ts/Common.ts
index 13062d97de..37b9b532fb 100644
--- a/clients/ts/FunctionalTests/ts/Common.ts
+++ b/clients/ts/FunctionalTests/ts/Common.ts
@@ -5,27 +5,35 @@ import { HttpTransportType, IHubProtocol, JsonHubProtocol } from "@aspnet/signal
 import { MessagePackHubProtocol } from "@aspnet/signalr-protocol-msgpack";
 
 export let ENDPOINT_BASE_URL: string;
+export let ENDPOINT_BASE_HTTPS_URL: string;
 
 if (typeof window !== "undefined" && (window as any).__karma__) {
     const args = (window as any).__karma__.config.args as string[];
-    let server = "";
+    let httpsServer = "";
+    let httpServer = "";
 
     for (let i = 0; i < args.length; i += 1) {
         switch (args[i]) {
             case "--server":
                 i += 1;
-                server = args[i];
+                const urls = args[i].split(";");
+                httpsServer = urls[0];
+                httpServer = urls[1];
+                console.log(httpServer);
                 break;
         }
     }
 
     // Running in Karma? Need to use an absolute URL
-    ENDPOINT_BASE_URL = server;
+    ENDPOINT_BASE_URL = httpServer;
+    ENDPOINT_BASE_HTTPS_URL = httpsServer;
     console.log(`Using SignalR Server: ${ENDPOINT_BASE_URL}`);
 } else if (typeof document !== "undefined") {
     ENDPOINT_BASE_URL = `${document.location.protocol}//${document.location.host}`;
 } else if (process && process.env && process.env.SERVER_URL) {
-    ENDPOINT_BASE_URL = process.env.SERVER_URL;
+    const urls = process.env.SERVER_URL.split(";");
+    ENDPOINT_BASE_HTTPS_URL = urls[0];
+    ENDPOINT_BASE_URL = urls[1];
 } else {
     throw new Error("The server could not be found.");
 }
diff --git a/clients/ts/FunctionalTests/ts/HubConnectionTests.ts b/clients/ts/FunctionalTests/ts/HubConnectionTests.ts
index 8d54c23884..b7665cb306 100644
--- a/clients/ts/FunctionalTests/ts/HubConnectionTests.ts
+++ b/clients/ts/FunctionalTests/ts/HubConnectionTests.ts
@@ -7,11 +7,12 @@
 import { AbortError, DefaultHttpClient, HttpClient, HttpRequest, HttpResponse, HttpTransportType, HubConnectionBuilder, IHttpConnectionOptions, JsonHubProtocol, NullLogger } from "@aspnet/signalr";
 import { MessagePackHubProtocol } from "@aspnet/signalr-protocol-msgpack";
 
-import { eachTransport, eachTransportAndProtocol, ENDPOINT_BASE_URL } from "./Common";
+import { eachTransport, eachTransportAndProtocol, ENDPOINT_BASE_HTTPS_URL, ENDPOINT_BASE_URL } from "./Common";
 import "./LogBannerReporter";
 import { TestLogger } from "./TestLogger";
 
 const TESTHUBENDPOINT_URL = ENDPOINT_BASE_URL + "/testhub";
+const TESTHUBENDPOINT_HTTPS_URL = ENDPOINT_BASE_HTTPS_URL + "/testhub";
 const TESTHUB_NOWEBSOCKETS_ENDPOINT_URL = ENDPOINT_BASE_URL + "/testhub-nowebsockets";
 
 // On slower CI machines, these tests sometimes take longer than 5s
@@ -62,6 +63,35 @@ describe("hubConnection", () => {
                 });
             });
 
+            // Run test in Node or Chrome, but not on macOS
+            if ((process && process.platform !== "darwin") && (typeof navigator === "undefined" || navigator.userAgent.search("Chrome") !== -1)) {
+                it("using https, can invoke server method and receive result", (done) => {
+                    const message = "你好，世界！";
+
+                    const hubConnection = getConnectionBuilder(transportType, TESTHUBENDPOINT_HTTPS_URL)
+                        .withHubProtocol(protocol)
+                        .build();
+
+                    hubConnection.onclose((error) => {
+                        expect(error).toBeUndefined();
+                        done();
+                    });
+
+                    hubConnection.start().then(() => {
+                        hubConnection.invoke("Echo", message).then((result) => {
+                            expect(result).toBe(message);
+                        }).catch((e) => {
+                            fail(e);
+                        }).then(() => {
+                            hubConnection.stop();
+                        });
+                    }).catch((e) => {
+                        fail(e);
+                        done();
+                    });
+                });
+            }
+
             it("can invoke server method non-blocking and not receive result", (done) => {
                 const message = "你好，世界！";
 

From a242dc726d714e0a10ed423e1e526e8902b0fc2c Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Sun, 11 Nov 2018 16:31:08 -0800
Subject: [PATCH 2/4] Ensure .jar files are included in code signing with the
 correct certificate

---
 build/repo.targets | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/repo.targets b/build/repo.targets
index c246ce275a..66065ac2a1 100644
--- a/build/repo.targets
+++ b/build/repo.targets
@@ -75,7 +75,7 @@
     </ItemGroup>
   </Target>
 
-  <Target Name="GetJavaArtifactInfo">
+  <Target Name="GetJavaArtifactInfo" DependsOnTargets="DetectJava">
     <ItemGroup Condition="'$(HasJava)' == 'true' AND '$(SkipJavaClient)' != 'true'">
       <ArtifactInfo Include="$(BuildDir)\%(Jars.Identity)">
         <ArtifactType>JavaJar</ArtifactType>
@@ -88,7 +88,7 @@
         <Category>ship</Category>
       </ArtifactInfo>
 
-      <FilesToSign Include="$(BuildDir)\%(Jars.Identity)" Certificate="MicrosoftJAR" />
+      <FilesToSign Include="$(BuildDir)\%(Jars.Identity)" Certificate="$(JarSigningCertName)" />
       <FilesToExcludeFromSigning Include="$(BuildDir)\%(PomFile.Identity)" />
     </ItemGroup>
   </Target>

From a9def470e3b8e1480c55d1c311e4b37472140307 Mon Sep 17 00:00:00 2001
From: Nate McMaster <nate.mcmaster@microsoft.com>
Date: Sun, 11 Nov 2018 20:24:25 -0800
Subject: [PATCH 3/4] Don't attempt to detect java if SkipJavaClient is true

---
 build/repo.targets | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/repo.targets b/build/repo.targets
index 66065ac2a1..6cdce57f88 100644
--- a/build/repo.targets
+++ b/build/repo.targets
@@ -75,8 +75,8 @@
     </ItemGroup>
   </Target>
 
-  <Target Name="GetJavaArtifactInfo" DependsOnTargets="DetectJava">
-    <ItemGroup Condition="'$(HasJava)' == 'true' AND '$(SkipJavaClient)' != 'true'">
+  <Target Name="GetJavaArtifactInfo" DependsOnTargets="DetectJava" Condition=" '$(SkipJavaClient)' != 'true' ">
+    <ItemGroup Condition="'$(HasJava)' == 'true'">
       <ArtifactInfo Include="$(BuildDir)\%(Jars.Identity)">
         <ArtifactType>JavaJar</ArtifactType>
         <Version>$(JavaClientVersion)</Version>

From b476df9acd22a403d9fe46ecb0feedf052035e39 Mon Sep 17 00:00:00 2001
From: BrennanConroy <brecon@microsoft.com>
Date: Mon, 12 Nov 2018 09:06:51 -0800
Subject: [PATCH 4/4] Custom CORS-like middleware to allow wildcard origin in
 test app (#3292)

---
 .../ts/FunctionalTests/FunctionalTests.csproj |  1 -
 clients/ts/FunctionalTests/Startup.cs         | 52 ++++++++++++++-----
 2 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/clients/ts/FunctionalTests/FunctionalTests.csproj b/clients/ts/FunctionalTests/FunctionalTests.csproj
index 2de14a67d6..06948653fc 100644
--- a/clients/ts/FunctionalTests/FunctionalTests.csproj
+++ b/clients/ts/FunctionalTests/FunctionalTests.csproj
@@ -26,7 +26,6 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion)" />
-    <PackageReference Include="Microsoft.AspNetCore.Cors" Version="$(MicrosoftAspNetCoreCorsPackageVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
diff --git a/clients/ts/FunctionalTests/Startup.cs b/clients/ts/FunctionalTests/Startup.cs
index 975de64581..5417be9d64 100644
--- a/clients/ts/FunctionalTests/Startup.cs
+++ b/clients/ts/FunctionalTests/Startup.cs
@@ -13,7 +13,9 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Connections;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Primitives;
 using Microsoft.IdentityModel.Tokens;
+using Microsoft.Net.Http.Headers;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using Newtonsoft.Json.Serialization;
@@ -32,15 +34,13 @@ namespace FunctionalTests
             {
                 options.EnableDetailedErrors = true;
             })
-                .AddJsonProtocol(options =>
-                {
-                    // we are running the same tests with JSON and MsgPack protocols and having
-                    // consistent casing makes it cleaner to verify results
-                    options.PayloadSerializerSettings.ContractResolver = new DefaultContractResolver();
-                })
-                .AddMessagePackProtocol();
-
-            services.AddCors();
+            .AddJsonProtocol(options =>
+            {
+                // we are running the same tests with JSON and MsgPack protocols and having
+                // consistent casing makes it cleaner to verify results
+                options.PayloadSerializerSettings.ContractResolver = new DefaultContractResolver();
+            })
+            .AddMessagePackProtocol();
 
             services.AddAuthorization(options =>
             {
@@ -90,12 +90,36 @@ namespace FunctionalTests
 
             app.UseFileServer();
 
-            app.UseCors(policyBuilder =>
+            // Custom CORS to allow any origin + credentials (which isn't allowed by the CORS spec)
+            // This is for testing purposes only (karma hosts the client on its own server), never do this in production
+            app.Use((context, next) =>
             {
-                policyBuilder.AllowAnyOrigin()
-                    .AllowAnyHeader()
-                    .AllowAnyMethod()
-                    .AllowCredentials();
+                var originHeader = context.Request.Headers[HeaderNames.Origin];
+                if (!StringValues.IsNullOrEmpty(originHeader))
+                {
+                    context.Response.Headers[HeaderNames.AccessControlAllowOrigin] = originHeader;
+                    context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
+
+                    var requestMethod = context.Request.Headers[HeaderNames.AccessControlRequestMethod];
+                    if (!StringValues.IsNullOrEmpty(requestMethod))
+                    {
+                        context.Response.Headers[HeaderNames.AccessControlAllowMethods] = requestMethod;
+                    }
+
+                    var requestHeaders = context.Request.Headers[HeaderNames.AccessControlRequestHeaders];
+                    if (!StringValues.IsNullOrEmpty(requestHeaders))
+                    {
+                        context.Response.Headers[HeaderNames.AccessControlAllowHeaders] = requestHeaders;
+                    }
+                }
+
+                if (string.Equals(context.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase))
+                {
+                    context.Response.StatusCode = StatusCodes.Status204NoContent;
+                    return Task.CompletedTask;
+                }
+
+                return next.Invoke();
             });
 
             app.UseConnections(routes =>