Merge branch 'release/3.0-preview3'

This commit is contained in:
Nate McMaster 2019-02-21 10:30:11 -08:00 committed by GitHub
commit 4451a80447
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 241 additions and 228 deletions

View File

@ -79,10 +79,6 @@ jobs:
displayName: Run sign check displayName: Run sign check
condition: eq(variables['_SignType'], 'real') condition: eq(variables['_SignType'], 'real')
# Detect OSS Components in use in the product. Only needs to run on one OS in the matrix.
- task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
displayName: Detect components
condition: and(succeeded(), eq(variables['system.pullrequest.isfork'], false))
artifacts: artifacts:
- name: Windows_Packages - name: Windows_Packages
path: artifacts/packages/ path: artifacts/packages/

View File

@ -140,21 +140,26 @@ jobs:
- ${{ if eq(parameters.agentOs, 'Windows') }}: - ${{ if eq(parameters.agentOs, 'Windows') }}:
- script: .\$(BuildDirectory)\build.cmd -ci /p:SignType=$(_SignType) /p:Configuration=$(BuildConfiguration) $(BuildScriptArgs) - script: .\$(BuildDirectory)\build.cmd -ci /p:SignType=$(_SignType) /p:Configuration=$(BuildConfiguration) $(BuildScriptArgs)
displayName: Run build.cmd displayName: Run build.cmd
- powershell: eng\scripts\KillProcesses.ps1
displayName: Kill processes
condition: always()
- ${{ if ne(parameters.agentOs, 'Windows') }}: - ${{ if ne(parameters.agentOs, 'Windows') }}:
- script: ./$(BuildDirectory)/build.sh -ci -p:Configuration=$(BuildConfiguration) $(BuildScriptArgs) - script: ./$(BuildDirectory)/build.sh -ci -p:Configuration=$(BuildConfiguration) $(BuildScriptArgs)
displayName: Run build.sh displayName: Run build.sh
- script: eng/scripts/KillProcesses.sh
displayName: Kill processes
condition: always()
- ${{ if ne(parameters.buildScript, '') }}: - ${{ if ne(parameters.buildScript, '') }}:
- script: $(BuildScript) /p:Configuration=$(BuildConfiguration) $(BuildScriptArgs) - script: $(BuildScript) /p:Configuration=$(BuildConfiguration) $(BuildScriptArgs)
displayName: run $(BuildScript) displayName: run $(BuildScript)
- ${{ parameters.afterBuild }} - ${{ parameters.afterBuild }}
- ${{ if eq(parameters.agentOs, 'Windows') }}:
- powershell: eng\scripts\KillProcesses.ps1
displayName: Kill processes
continueOnError: true
condition: always()
- ${{ if ne(parameters.agentOs, 'Windows') }}:
- script: eng/scripts/KillProcesses.sh
displayName: Kill processes
continueOnError: true
condition: always()
- task: PublishTestResults@2 - task: PublishTestResults@2
displayName: Publish test results displayName: Publish test results
condition: always() condition: always()

View File

@ -1,16 +1,26 @@
$ErrorActionPreference = 'Continue' $ErrorActionPreference = 'Continue'
taskkill /T /F /IM dotnet.exe function _kill($processName) {
taskkill /T /F /IM testhost.exe try {
taskkill /T /F /IM iisexpress.exe # Redirect stderr to stdout to avoid big red blocks of output in Azure Pipeline logging
taskkill /T /F /IM iisexpresstray.exe # when there are no instances of the process
taskkill /T /F /IM w3wp.exe & cmd /c "taskkill /T /F /IM ${processName} 2>&1"
taskkill /T /F /IM msbuild.exe } catch {
taskkill /T /F /IM vbcscompiler.exe Write-Host "Failed to kill ${processName}: $_"
taskkill /T /F /IM git.exe }
taskkill /T /F /IM vctip.exe }
taskkill /T /F /IM chrome.exe
taskkill /T /F /IM h2spec.exe _kill dotnet.exe
_kill testhost.exe
_kill iisexpress.exe
_kill iisexpresstray.exe
_kill w3wp.exe
_kill msbuild.exe
_kill vbcscompiler.exe
_kill git.exe
_kill vctip.exe
_kill chrome.exe
_kill h2spec.exe
iisreset /restart iisreset /restart
exit 0 exit 0

View File

@ -18,11 +18,10 @@ This package is an internal implementation of the .NET Core SDK and is not meant
<PackageTags>aspnetcore;targeting-pack</PackageTags> <PackageTags>aspnetcore;targeting-pack</PackageTags>
<SuppressDependenciesWhenPacking>true</SuppressDependenciesWhenPacking> <SuppressDependenciesWhenPacking>true</SuppressDependenciesWhenPacking>
<!-- Subject to change: see https://github.com/dotnet/designs/pull/50 --> <PackageType>DotnetPlatform</PackageType>
<PackageType>TargetingPack</PackageType>
<RefAssemblyPackagePath>ref/$(TargetFramework)/</RefAssemblyPackagePath> <RefAssemblyPackagePath>ref/$(TargetFramework)/</RefAssemblyPackagePath>
<LayoutTargetDir>$(TargetingPackLayoutRoot)packs/Microsoft.AspNetCore.App.Ref/$(PackageVersion)/$(RefAssemblyPackagePath)</LayoutTargetDir> <LayoutTargetDir>$(TargetingPackLayoutRoot)packs/Microsoft.AspNetCore.App.Ref/$(PackageVersion)/</LayoutTargetDir>
<ArchiveOutputFileName>aspnetcore-targeting-pack-$(PackageVersion).zip</ArchiveOutputFileName> <ArchiveOutputFileName>aspnetcore-targeting-pack-$(PackageVersion).zip</ArchiveOutputFileName>
<ArchiveOutputPath>$(InstallersOutputPath)$(ArchiveOutputFileName)</ArchiveOutputPath> <ArchiveOutputPath>$(InstallersOutputPath)$(ArchiveOutputFileName)</ArchiveOutputPath>
@ -56,7 +55,6 @@ This package is an internal implementation of the .NET Core SDK and is not meant
$(BuildDependsOn); $(BuildDependsOn);
GeneratePackageConflictManifest; GeneratePackageConflictManifest;
_ResolveTargetingPackContent; _ResolveTargetingPackContent;
_BatchCopyToOutputDirectory;
_BatchCopyToLayoutTargetDir; _BatchCopyToLayoutTargetDir;
_CreateTargetingPackArchive; _CreateTargetingPackArchive;
</BuildDependsOn> </BuildDependsOn>
@ -87,15 +85,11 @@ This package is an internal implementation of the .NET Core SDK and is not meant
<AspNetCoreReferenceDocXml Include="@(AspNetCoreReferenceAssemblyPath->'%(RootDir)%(Directory)%(FileName).xml')" /> <AspNetCoreReferenceDocXml Include="@(AspNetCoreReferenceAssemblyPath->'%(RootDir)%(Directory)%(FileName).xml')" />
<!-- Exclude known missing XML docs files. Time-boxing this workaround because we want XML docs for everything. This can be removed when we get a new build with https://github.com/dotnet/core-setup/pull/5109. --> <RefPackContent Include="@(AspNetCoreReferenceAssemblyPath)" PackagePath="$(RefAssemblyPackagePath)" />
<AspNetCoreReferenceDocXml Remove="@(AspNetCoreReferenceDocXml)" <RefPackContent Include="@(AspNetCoreReferenceDocXml)" PackagePath="$(RefAssemblyPackagePath)" />
Condition="'$(MicrosoftNETCoreAppPackageVersion)' == '3.0.0-preview-27405-2' AND ('%(FileName)' == 'Microsoft.Extensions.DependencyModel' OR '%(FileName)' == 'Microsoft.DotNet.PlatformAbstractions' )" /> <RefPackContent Include="$(TargetDir)$(PackageConflictManifestFileName)" PackagePath="$(PackageConflictManifestPackagePath)" />
<RefPackContent Include="@(AspNetCoreReferenceAssemblyPath)" /> <_PackageFiles Include="@(RefPackContent)" />
<RefPackContent Include="@(AspNetCoreReferenceDocXml)" />
<_PackageFiles Include="@(RefPackContent)" PackagePath="$(RefAssemblyPackagePath)" />
<_PackageFiles Include="$(TargetDir)$(PackageConflictManifestFileName)" PackagePath="$(PackageConflictManifestPackagePath)" />
</ItemGroup> </ItemGroup>
</Target> </Target>
@ -114,25 +108,14 @@ This package is an internal implementation of the .NET Core SDK and is not meant
Overwrite="true" /> Overwrite="true" />
</Target> </Target>
<!-- Written to take advantage of target batching in MSBuild. -->
<Target Name="_BatchCopyToOutputDirectory"
DependsOnTargets="_ResolveTargetingPackContent"
Inputs="@(RefPackContent)"
Outputs="@(RefPackContent->'$(TargetDir)%(FileName)%(Extension)')">
<Copy SourceFiles="@(RefPackContent)"
DestinationFiles="@(RefPackContent->'$(TargetDir)%(FileName)%(Extension)')"
UseHardlinksIfPossible="true" />
</Target>
<!-- Written to take advantage of target batching in MSBuild. --> <!-- Written to take advantage of target batching in MSBuild. -->
<Target Name="_BatchCopyToLayoutTargetDir" <Target Name="_BatchCopyToLayoutTargetDir"
DependsOnTargets="_ResolveTargetingPackContent" DependsOnTargets="_ResolveTargetingPackContent"
Inputs="@(RefPackContent)" Inputs="@(RefPackContent)"
Outputs="@(RefPackContent->'$(LayoutTargetDir)%(FileName)%(Extension)')"> Outputs="@(RefPackContent->'$(LayoutTargetDir)%(PackagePath)%(FileName)%(Extension)')">
<Copy SourceFiles="@(RefPackContent)" <Copy SourceFiles="@(RefPackContent)"
DestinationFiles="@(RefPackContent->'$(LayoutTargetDir)%(FileName)%(Extension)')" DestinationFiles="@(RefPackContent->'$(LayoutTargetDir)%(PackagePath)%(FileName)%(Extension)')"
UseHardlinksIfPossible="true" /> UseHardlinksIfPossible="true" />
</Target> </Target>

View File

@ -23,8 +23,7 @@ This package is an internal implementation of the .NET Core SDK and is not meant
<PackageTags>aspnetcore;shared-framework</PackageTags> <PackageTags>aspnetcore;shared-framework</PackageTags>
<SuppressDependenciesWhenPacking>true</SuppressDependenciesWhenPacking> <SuppressDependenciesWhenPacking>true</SuppressDependenciesWhenPacking>
<!-- Subject to change: see https://github.com/dotnet/designs/pull/50 --> <PackageType>DotnetPlatform</PackageType>
<PackageType>RuntimePack</PackageType>
<!-- NuGet appends target framework to this value. Example: runtimes/win-x64/lib/netcoreapp3.0/ --> <!-- NuGet appends target framework to this value. Example: runtimes/win-x64/lib/netcoreapp3.0/ -->
<BuildOutputTargetFolder>runtimes/$(RuntimeIdentifier)/lib/</BuildOutputTargetFolder> <BuildOutputTargetFolder>runtimes/$(RuntimeIdentifier)/lib/</BuildOutputTargetFolder>
<!-- Target framework is not append to this because native assets to not have a target framework. --> <!-- Target framework is not append to this because native assets to not have a target framework. -->

View File

@ -15,10 +15,10 @@ This targets file should only be imported by .shfxproj files.
GenerateSharedFxVersionsFile; GenerateSharedFxVersionsFile;
GenerateBuildDependencyFile; GenerateBuildDependencyFile;
PrepareForPublish; PrepareForPublish;
GeneratePublishDependencyFile;
GenerateSharedFxMetadataFiles;
GenerateBuildRuntimeConfigurationFiles; GenerateBuildRuntimeConfigurationFiles;
ComputeAndCopyFilesToPublishDirectory; ComputeAndCopyFilesToPublishDirectory;
GeneratePublishDependencyFile;
GenerateSharedFxMetadataFiles;
CopySharedFxToOutput; CopySharedFxToOutput;
CollectSharedFxOutput; CollectSharedFxOutput;
PostBuildEvent; PostBuildEvent;

View File

@ -49,6 +49,10 @@
<_Parameter1>ManifestOutputDir</_Parameter1> <_Parameter1>ManifestOutputDir</_Parameter1>
<_Parameter2>%(_ResolvedFrameworkReference.ManifestOutputDir)</_Parameter2> <_Parameter2>%(_ResolvedFrameworkReference.ManifestOutputDir)</_Parameter2>
</AssemblyAttribute> </AssemblyAttribute>
<AssemblyAttribute Include="Microsoft.AspNetCore.TestData">
<_Parameter1>RuntimeAssetsOutputPath</_Parameter1>
<_Parameter2>%(_ResolvedFrameworkReference.RuntimeAssetsOutputPath)</_Parameter2>
</AssemblyAttribute>
</ItemGroup> </ItemGroup>
</Target> </Target>

View File

@ -24,6 +24,33 @@ namespace Microsoft.AspNetCore
_expectedRid = TestData.GetSharedFxRuntimeIdentifier(); _expectedRid = TestData.GetSharedFxRuntimeIdentifier();
} }
[Fact]
public void SharedFrameworkContainsExpectedFiles()
{
var actualAssemblies = Directory.GetFiles(TestData.GetTestDataValue("RuntimeAssetsOutputPath"), "*.dll")
.Select(Path.GetFileNameWithoutExtension)
.ToHashSet();
var expectedAssemblies = TestData.GetSharedFxDependencies()
.Split(';', StringSplitOptions.RemoveEmptyEntries)
.ToHashSet();
_output.WriteLine("==== actual assemblies ====");
_output.WriteLine(string.Join('\n', actualAssemblies.OrderBy(i => i)));
_output.WriteLine("==== expected assemblies ====");
_output.WriteLine(string.Join('\n', expectedAssemblies.OrderBy(i => i)));
var missing = expectedAssemblies.Except(actualAssemblies);
var unexpected = actualAssemblies.Except(expectedAssemblies);
_output.WriteLine("==== missing assemblies from the framework ====");
_output.WriteLine(string.Join('\n', missing));
_output.WriteLine("==== unexpected assemblies in the framework ====");
_output.WriteLine(string.Join('\n', unexpected));
Assert.Empty(missing);
Assert.Empty(unexpected);
}
[Fact] [Fact]
public void PlatformManifestListsAllFiles() public void PlatformManifestListsAllFiles()
{ {
@ -35,7 +62,7 @@ namespace Microsoft.AspNetCore
_output.WriteLine("==== file contents ===="); _output.WriteLine("==== file contents ====");
_output.WriteLine(File.ReadAllText(platformManifestPath)); _output.WriteLine(File.ReadAllText(platformManifestPath));
_output.WriteLine("==== expected assemblies ===="); _output.WriteLine("==== expected assemblies ====");
_output.WriteLine(string.Join('\n', expectedAssemblies)); _output.WriteLine(string.Join('\n', expectedAssemblies.OrderBy(i => i)));
AssertEx.FileExists(platformManifestPath); AssertEx.FileExists(platformManifestPath);

View File

@ -50,8 +50,7 @@ namespace SampleDestination
options.AddPolicy("AllowAll", policy => policy options.AddPolicy("AllowAll", policy => policy
.AllowAnyOrigin() .AllowAnyOrigin()
.AllowAnyMethod() .AllowAnyMethod()
.AllowAnyHeader() .AllowAnyHeader());
.AllowCredentials());
}); });
services.AddRouting(); services.AddRouting();
} }

View File

@ -73,8 +73,7 @@ namespace SampleDestination
innerBuilder.UseCors(policy => policy innerBuilder.UseCors(policy => policy
.AllowAnyOrigin() .AllowAnyOrigin()
.AllowAnyMethod() .AllowAnyMethod()
.AllowAnyHeader() .AllowAnyHeader());
.AllowCredentials());
innerBuilder.UseMiddleware<SampleMiddleware>(); innerBuilder.UseMiddleware<SampleMiddleware>();
}); });

View File

@ -224,6 +224,11 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
/// <returns>The constructed <see cref="CorsPolicy"/>.</returns> /// <returns>The constructed <see cref="CorsPolicy"/>.</returns>
public CorsPolicy Build() public CorsPolicy Build()
{ {
if (_policy.AllowAnyOrigin && _policy.SupportsCredentials)
{
throw new InvalidOperationException(Resources.InsecureConfiguration);
}
return _policy; return _policy;
} }

View File

@ -8,7 +8,6 @@ using System.Linq;
using Microsoft.AspNetCore.Cors.Internal; using Microsoft.AspNetCore.Cors.Internal;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using Microsoft.Extensions.Primitives; using Microsoft.Extensions.Primitives;
@ -77,7 +76,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
if (policy.AllowAnyOrigin && policy.SupportsCredentials) if (policy.AllowAnyOrigin && policy.SupportsCredentials)
{ {
_logger.InsecureConfiguration(); throw new ArgumentException(Resources.InsecureConfiguration, nameof(policy));
} }
var origin = context.Request.Headers[CorsConstants.Origin]; var origin = context.Request.Headers[CorsConstants.Origin];

View File

@ -18,7 +18,6 @@ namespace Microsoft.AspNetCore.Cors.Internal
private static readonly Action<ILogger, string, Exception> _requestHeaderNotAllowed; private static readonly Action<ILogger, string, Exception> _requestHeaderNotAllowed;
private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders; private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders;
private static readonly Action<ILogger, Exception> _noCorsPolicyFound; private static readonly Action<ILogger, Exception> _noCorsPolicyFound;
private static readonly Action<ILogger, Exception> _insecureConfiguration;
private static readonly Action<ILogger, Exception> _isNotPreflightRequest; private static readonly Action<ILogger, Exception> _isNotPreflightRequest;
static CORSLoggerExtensions() static CORSLoggerExtensions()
@ -73,11 +72,6 @@ namespace Microsoft.AspNetCore.Cors.Internal
new EventId(10, "NoCorsPolicyFound"), new EventId(10, "NoCorsPolicyFound"),
"No CORS policy found for the specified request."); "No CORS policy found for the specified request.");
_insecureConfiguration = LoggerMessage.Define(
LogLevel.Warning,
new EventId(11, "InsecureConfiguration"),
"The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.");
_isNotPreflightRequest = LoggerMessage.Define( _isNotPreflightRequest = LoggerMessage.Define(
LogLevel.Debug, LogLevel.Debug,
new EventId(12, "IsNotPreflightRequest"), new EventId(12, "IsNotPreflightRequest"),
@ -134,11 +128,6 @@ namespace Microsoft.AspNetCore.Cors.Internal
_noCorsPolicyFound(logger, null); _noCorsPolicyFound(logger, null);
} }
public static void InsecureConfiguration(this ILogger logger)
{
_insecureConfiguration(logger, null);
}
public static void IsNotPreflightRequest(this ILogger logger) public static void IsNotPreflightRequest(this ILogger logger)
{ {
_isNotPreflightRequest(logger, null); _isNotPreflightRequest(logger, null);

View File

@ -0,0 +1,58 @@
// <auto-generated />
namespace Microsoft.AspNetCore.Cors
{
using System.Globalization;
using System.Reflection;
using System.Resources;
internal static class Resources
{
private static readonly ResourceManager _resourceManager
= new ResourceManager("Microsoft.AspNetCore.Cors.Resources", typeof(Resources).GetTypeInfo().Assembly);
/// <summary>
/// The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported.
/// </summary>
internal static string InsecureConfiguration
{
get => GetString("InsecureConfiguration");
}
/// <summary>
/// The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported.
/// </summary>
internal static string FormatInsecureConfiguration()
=> GetString("InsecureConfiguration");
/// <summary>
/// PreflightMaxAge must be greater than or equal to 0.
/// </summary>
internal static string PreflightMaxAgeOutOfRange
{
get => GetString("PreflightMaxAgeOutOfRange");
}
/// <summary>
/// PreflightMaxAge must be greater than or equal to 0.
/// </summary>
internal static string FormatPreflightMaxAgeOutOfRange()
=> GetString("PreflightMaxAgeOutOfRange");
private static string GetString(string name, params string[] formatterNames)
{
var value = _resourceManager.GetString(name);
System.Diagnostics.Debug.Assert(value != null);
if (formatterNames != null)
{
for (var i = 0; i < formatterNames.Length; i++)
{
value = value.Replace("{" + formatterNames[i] + "}", "{" + i + "}");
}
}
return value;
}
}
}

View File

@ -1,71 +0,0 @@
//------------------------------------------------------------------------------
// <auto-generated>
// This code was generated by a tool.
// Runtime Version:4.0.30319.42000
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------
namespace Microsoft.AspNetCore.Cors {
using System;
using System.Reflection;
/// <summary>
/// A strongly-typed resource class, for looking up localized strings, etc.
/// </summary>
// This class was auto-generated by the StronglyTypedResourceBuilder
// class via a tool like ResGen or Visual Studio.
// To add or remove a member, edit your .ResX file then rerun ResGen
// with the /str option, or rebuild your VS project.
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
internal class Resources {
private static global::System.Resources.ResourceManager resourceMan;
private static global::System.Globalization.CultureInfo resourceCulture;
internal Resources() {
}
/// <summary>
/// Returns the cached ResourceManager instance used by this class.
/// </summary>
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
internal static global::System.Resources.ResourceManager ResourceManager {
get {
if (object.ReferenceEquals(resourceMan, null)) {
global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Microsoft.AspNetCore.Cors.Resources", typeof(Resources).GetTypeInfo().Assembly);
resourceMan = temp;
}
return resourceMan;
}
}
/// <summary>
/// Overrides the current thread's CurrentUICulture property for all
/// resource lookups using this strongly typed resource class.
/// </summary>
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
internal static global::System.Globalization.CultureInfo Culture {
get {
return resourceCulture;
}
set {
resourceCulture = value;
}
}
/// <summary>
/// Looks up a localized string similar to PreflightMaxAge must be greater than or equal to 0..
/// </summary>
internal static string PreflightMaxAgeOutOfRange {
get {
return ResourceManager.GetString("PreflightMaxAgeOutOfRange", resourceCulture);
}
}
}
}

View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<!-- <!--
Microsoft ResX Schema Microsoft ResX Schema
Version 2.0 Version 2.0
@ -60,63 +60,66 @@
: and then encoded with base64 encoding. : and then encoded with base64 encoding.
--> -->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata"> <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" /> <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
<xsd:element name="root" msdata:IsDataSet="true"> <xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType> <xsd:complexType>
<xsd:choice maxOccurs="unbounded"> <xsd:choice maxOccurs="unbounded">
<xsd:element name="metadata"> <xsd:element name="metadata">
<xsd:complexType> <xsd:complexType>
<xsd:sequence> <xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" /> <xsd:element name="value" type="xsd:string" minOccurs="0" />
</xsd:sequence> </xsd:sequence>
<xsd:attribute name="name" use="required" type="xsd:string" /> <xsd:attribute name="name" use="required" type="xsd:string" />
<xsd:attribute name="type" type="xsd:string" /> <xsd:attribute name="type" type="xsd:string" />
<xsd:attribute name="mimetype" type="xsd:string" /> <xsd:attribute name="mimetype" type="xsd:string" />
<xsd:attribute ref="xml:space" /> <xsd:attribute ref="xml:space" />
</xsd:complexType> </xsd:complexType>
</xsd:element> </xsd:element>
<xsd:element name="assembly"> <xsd:element name="assembly">
<xsd:complexType> <xsd:complexType>
<xsd:attribute name="alias" type="xsd:string" /> <xsd:attribute name="alias" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" /> <xsd:attribute name="name" type="xsd:string" />
</xsd:complexType> </xsd:complexType>
</xsd:element> </xsd:element>
<xsd:element name="data"> <xsd:element name="data">
<xsd:complexType> <xsd:complexType>
<xsd:sequence> <xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" /> <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" /> <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence> </xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" /> <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" /> <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" /> <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
<xsd:attribute ref="xml:space" /> <xsd:attribute ref="xml:space" />
</xsd:complexType> </xsd:complexType>
</xsd:element> </xsd:element>
<xsd:element name="resheader"> <xsd:element name="resheader">
<xsd:complexType> <xsd:complexType>
<xsd:sequence> <xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" /> <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence> </xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" /> <xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType> </xsd:complexType>
</xsd:element> </xsd:element>
</xsd:choice> </xsd:choice>
</xsd:complexType> </xsd:complexType>
</xsd:element> </xsd:element>
</xsd:schema> </xsd:schema>
<resheader name="resmimetype"> <resheader name="resmimetype">
<value>text/microsoft-resx</value> <value>text/microsoft-resx</value>
</resheader> </resheader>
<resheader name="version"> <resheader name="version">
<value>2.0</value> <value>2.0</value>
</resheader> </resheader>
<resheader name="reader"> <resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader> </resheader>
<resheader name="writer"> <resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value> <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader> </resheader>
<data name="InsecureConfiguration" xml:space="preserve">
<value>The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported.</value>
</data>
<data name="PreflightMaxAgeOutOfRange" xml:space="preserve"> <data name="PreflightMaxAgeOutOfRange" xml:space="preserve">
<value>PreflightMaxAge must be greater than or equal to 0.</value> <value>PreflightMaxAge must be greater than or equal to 0.</value>
</data> </data>

View File

@ -14,6 +14,8 @@ using Microsoft.Extensions.Logging.Testing;
using Xunit; using Xunit;
using Xunit.Abstractions; using Xunit.Abstractions;
[assembly: CollectionBehavior(CollectionBehavior.CollectionPerAssembly)]
namespace FunctionalTests namespace FunctionalTests
{ {
public class CorsMiddlewareFunctionalTests : LoggedTest public class CorsMiddlewareFunctionalTests : LoggedTest

View File

@ -1,4 +1,4 @@
// Copyright (c) .NET Foundation. All rights reserved. // Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System; using System;
@ -285,7 +285,6 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
Assert.True(corsPolicy.SupportsCredentials); Assert.True(corsPolicy.SupportsCredentials);
} }
[Fact] [Fact]
public void DisallowCredential_SetsSupportsCredentials_ToFalse() public void DisallowCredential_SetsSupportsCredentials_ToFalse()
{ {
@ -300,6 +299,21 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
Assert.False(corsPolicy.SupportsCredentials); Assert.False(corsPolicy.SupportsCredentials);
} }
[Fact]
public void Build_ThrowsIfConfiguredToAllowAnyOriginWithCredentials()
{
// Arrange
var builder = new CorsPolicyBuilder()
.AllowAnyOrigin()
.AllowCredentials();
// Act
var ex = Assert.Throws<InvalidOperationException>(() => builder.Build());
// Assert
Assert.Equal(Resources.InsecureConfiguration, ex.Message);
}
[Theory] [Theory]
[InlineData("Some-String", "some-string")] [InlineData("Some-String", "some-string")]
[InlineData("x:\\Test", "x:\\test")] [InlineData("x:\\Test", "x:\\test")]

View File

@ -3,6 +3,7 @@
using System; using System;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Testing;
using Microsoft.Extensions.Logging.Abstractions; using Microsoft.Extensions.Logging.Abstractions;
using Microsoft.Extensions.Options; using Microsoft.Extensions.Options;
using Xunit; using Xunit;
@ -11,6 +12,25 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
{ {
public class CorsServiceTests public class CorsServiceTests
{ {
[Fact]
public void EvaluatePolicy_Throws_IfPolicyIsIncorrectlyConfigured()
{
// Arrange
var corsService = GetCorsService();
var requestContext = GetHttpContext("POST", origin: null);
var policy = new CorsPolicy
{
Origins = { "*" },
SupportsCredentials = true,
};
// Act & Assert
ExceptionAssert.ThrowsArgument(
() => corsService.EvaluatePolicy(requestContext, policy),
"policy",
Resources.InsecureConfiguration);
}
[Fact] [Fact]
public void EvaluatePolicy_NoOrigin_ReturnsInvalidResult() public void EvaluatePolicy_NoOrigin_ReturnsInvalidResult()
{ {
@ -103,10 +123,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
// Arrange // Arrange
var corsService = GetCorsService(); var corsService = GetCorsService();
var requestContext = GetHttpContext(origin: "http://example.com"); var requestContext = GetHttpContext(origin: "http://example.com");
var policy = new CorsPolicy var policy = new CorsPolicy();
{
SupportsCredentials = true
};
policy.Origins.Add(CorsConstants.AnyOrigin); policy.Origins.Add(CorsConstants.AnyOrigin);
// Act // Act
@ -145,7 +162,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
{ {
SupportsCredentials = true SupportsCredentials = true
}; };
policy.Origins.Add(CorsConstants.AnyOrigin); policy.Origins.Add("http://example.com");
// Act // Act
var result = corsService.EvaluatePolicy(requestContext, policy); var result = corsService.EvaluatePolicy(requestContext, policy);
@ -171,27 +188,6 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
Assert.False(result.VaryByOrigin); Assert.False(result.VaryByOrigin);
} }
[Fact]
public void EvaluatePolicy_AllowAnyOrigin_SupportsCredentials_DoesNotVaryByOrigin()
{
// Arrange
var corsService = GetCorsService();
var requestContext = GetHttpContext(origin: "http://example.com");
var policy = new CorsPolicy
{
SupportsCredentials = true
};
policy.Origins.Add(CorsConstants.AnyOrigin);
// Act
var result = corsService.EvaluatePolicy(requestContext, policy);
// Assert
Assert.Equal("*", result.AllowedOrigin);
Assert.True(result.SupportsCredentials);
Assert.True(result.VaryByOrigin);
}
[Fact] [Fact]
public void EvaluatePolicy_AllowOneOrigin_DoesNotVaryByOrigin() public void EvaluatePolicy_AllowOneOrigin_DoesNotVaryByOrigin()
{ {
@ -369,7 +365,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
{ {
SupportsCredentials = true SupportsCredentials = true
}; };
policy.Origins.Add(CorsConstants.AnyOrigin); policy.Origins.Add("http://example.com");
policy.Methods.Add("*"); policy.Methods.Add("*");
// Act // Act
@ -532,7 +528,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
var corsService = GetCorsService(); var corsService = GetCorsService();
var httpContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT"); var httpContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT");
var policy = new CorsPolicy(); var policy = new CorsPolicy();
policy.Origins.Add(CorsConstants.AnyOrigin); policy.Origins.Add("http://example.com");
policy.Methods.Add("*"); policy.Methods.Add("*");
policy.Headers.Add("*"); policy.Headers.Add("*");
policy.SupportsCredentials = true; policy.SupportsCredentials = true;

View File

@ -157,7 +157,7 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseHeaders = response.Headers; var responseHeaders = response.Headers;
Assert.Equal( Assert.Equal(
new[] { "*" }, new[] { "http://example.com" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal( Assert.Equal(
new[] { "true" }, new[] { "true" },
@ -190,7 +190,7 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseHeaders = response.Headers; var responseHeaders = response.Headers;
Assert.Equal( Assert.Equal(
new[] { "*" }, new[] { "http://example.com" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal( Assert.Equal(
new[] { "true" }, new[] { "true" },
@ -302,9 +302,6 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Equal( Assert.Equal(
new[] { "*" }, new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal(
new[] { "true" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray());
Assert.Equal( Assert.Equal(
new[] { "Custom" }, new[] { "Custom" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray()); responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray());

View File

@ -29,7 +29,7 @@ namespace CorsWebSite
return "exclusive"; return "exclusive";
} }
[EnableCors("WithCredentialsAnyOrigin")] [EnableCors("WithCredentialsAndOtherSettings")]
public string EditUserComment(int id, string userComment) public string EditUserComment(int id, string userComment)
{ {
return userComment; return userComment;

View File

@ -41,11 +41,11 @@ namespace CorsWebSite
}); });
options.AddPolicy( options.AddPolicy(
"WithCredentialsAnyOrigin", "WithCredentialsAndOtherSettings",
builder => builder =>
{ {
builder.AllowCredentials() builder.AllowCredentials()
.AllowAnyOrigin() .WithOrigins("http://example.com")
.AllowAnyHeader() .AllowAnyHeader()
.WithMethods("PUT", "POST") .WithMethods("PUT", "POST")
.WithExposedHeaders("exposed1", "exposed2"); .WithExposedHeaders("exposed1", "exposed2");
@ -55,8 +55,7 @@ namespace CorsWebSite
"AllowAll", "AllowAll",
builder => builder =>
{ {
builder.AllowCredentials() builder.AllowAnyMethod()
.AllowAnyMethod()
.AllowAnyHeader() .AllowAnyHeader()
.AllowAnyOrigin(); .AllowAnyOrigin();
}); });