Fix cors with creds (#193)
parent
50dff844b2
commit
aa88f16b08
|
|
@ -136,10 +136,17 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
result.SupportsCredentials = policy.SupportsCredentials;
|
||||
result.PreflightMaxAge = policy.PreflightMaxAge;
|
||||
|
||||
|
||||
// https://fetch.spec.whatwg.org/#http-new-header-syntax
|
||||
AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders);
|
||||
AddHeaderValues(result.AllowedMethods, policy.Methods);
|
||||
AddHeaderValues(result.AllowedHeaders, policy.Headers);
|
||||
|
||||
var allowedMethods = policy.AllowAnyMethod && policy.SupportsCredentials ?
|
||||
new[] { result.IsPreflightRequest ? (string)context.Request.Headers[CorsConstants.AccessControlRequestMethod] : context.Request.Method }
|
||||
: policy.Methods;
|
||||
AddHeaderValues(result.AllowedMethods, allowedMethods);
|
||||
|
||||
var allowedHeaders = policy.AllowAnyHeader && policy.SupportsCredentials ?
|
||||
context.Request.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders) : policy.Headers;
|
||||
AddHeaderValues(result.AllowedHeaders, allowedHeaders);
|
||||
}
|
||||
|
||||
public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
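Review bot: The new `allowedMethods` and `allowedHeaders` ternaries echo request-supplied values, so under a policy with AllowAnyMethod/AllowAnyHeader plus SupportsCredentials the allowed-origin check becomes the only effective restriction, and the code should say so. Suggested comment above the first ternary: `// With credentials, "*" is a literal value and not a wildcard (Fetch spec), so echo the requested method/headers; the origin check is the real gate here.` The cast `(string)context.Request.Headers[CorsConstants.AccessControlRequestMethod]` yields null when the header is absent and a comma-joined string when it is repeated. Whether `result.IsPreflightRequest` already guarantees a single non-empty value is decided outside this hunk, so either guard the value or state that invariant in a comment. Since the response now depends on Access-Control-Request-Method and Access-Control-Request-Headers, it is also worth confirming that the code applying these results (not visible here) emits a matching `Vary` header.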
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ const corsServerPath = `http://${hostname}:9000`;
|
|||
|
||||
// e.g., npm test --debug
|
||||
// In debug mode we show the editor, slow down operations, and increase the timeout for each test
|
||||
const debug = process.env.npm_config_debug || false;
|
||||
let debug = process.env.npm_config_debug || false;
|
||||
jest.setTimeout(debug ? 60000 : 30000);
|
||||
|
||||
let browser;
|
||||
|
|
@ -38,8 +38,8 @@ describe('Browser is initialized', () => {
|
|||
test('no errors on launch', () => {
|
||||
expect(error).toBeUndefined();
|
||||
expect(browser).toBeDefined();
|
||||
})
|
||||
})
|
||||
});
|
||||
});
|
||||
|
||||
describe('CORS allowed origin tests ', () => {
|
||||
const testPagePath = `http://${hostname}:9001/`;
|
||||
|
|
@ -176,7 +176,11 @@ describe('CORS allowed origin tests ', () => {
|
|||
test('allows Preflighted request with credentials', async () => {
|
||||
const result = await page.evaluate(async (corsServerPath) => {
|
||||
const url = `${corsServerPath}/allow-credentials`;
|
||||
const options = { method: 'PUT', mode: 'cors', credentials: 'include' };
|
||||
const options = {
|
||||
method: 'PUT', mode: 'cors', credentials: 'include', headers: new Headers({
|
||||
'X-Custom-Header': 'X-Custom-Value'
|
||||
})
|
||||
};
|
||||
|
||||
const response = await fetch(url, options);
|
||||
return response.status;
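Review bot: The `headers` entry added to `options` is what makes this test exercise header reflection on a credentialed preflight, but nothing in the test says so, so it could be simplified away later without anyone noticing the lost coverage. Suggested comment above `const options`: `// X-Custom-Header is not CORS-safelisted, so the preflight carries Access-Control-Request-Headers and the server must echo it back.` The test body continues past the end of the hunk, so the assertion on the returned status is not visible here.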
|
||||
|
|
|
|||
|
|
@ -192,7 +192,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
}
|
||||
|
||||
[Fact]
|
||||
public async Task PreFlight_WithCredentialsAllowed_ReturnsWildcardValues()
|
||||
public async Task PreFlight_WithCredentialsAllowed_ReflectsRequestHeaders()
|
||||
{
|
||||
// Arrange
|
||||
var policy = new CorsPolicyBuilder(OriginUrl)
|
||||
|
|
@ -240,12 +240,12 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
kvp =>
|
||||
{
|
||||
Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key);
|
||||
Assert.Equal(new[] { "*" }, kvp.Value);
|
||||
Assert.Equal(new[] { "X-Test1,X-Test2" }, kvp.Value);
|
||||
},
|
||||
kvp =>
|
||||
{
|
||||
Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key);
|
||||
Assert.Equal(new[] { "*" }, kvp.Value);
|
||||
Assert.Equal(new[] { "PUT" }, kvp.Value);
|
||||
},
|
||||
kvp =>
|
||||
{
|
||||
|
|
|
|||
|
|
@ -492,7 +492,6 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
policy.Origins.Add(CorsConstants.AnyOrigin);
|
||||
policy.Methods.Add("*");
|
||||
policy.Headers.Add("*");
|
||||
policy.SupportsCredentials = true;
|
||||
|
||||
// Act
|
||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||
|
|
@ -527,7 +526,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
}
|
||||
|
||||
[Fact]
|
||||
public void EvaluatePolicy_PreflightRequest_WithCredentials_ReturnsWildCard()
|
||||
public void EvaluatePolicy_PreflightRequest_WithCredentials_ReflectsHeaders()
|
||||
{
|
||||
// Arrange
|
||||
var corsService = GetCorsService();
|
||||
|
|
@ -543,8 +542,8 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
|||
|
||||
// Assert
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(new[] { "*" }, result.AllowedMethods);
|
||||
Assert.Equal(new[] { "*" }, result.AllowedHeaders);
|
||||
Assert.Equal(new[] { "PUT" }, result.AllowedMethods);
|
||||
Assert.Empty(result.AllowedHeaders);
|
||||
Assert.True(result.SupportsCredentials);
|
||||
}
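Review bot: `EvaluatePolicy_PreflightRequest_WithCredentials_ReflectsHeaders` asserts `Assert.Empty(result.AllowedHeaders)`, so as far as the visible lines show it pins only the case where the request names no headers, not the reflection its name promises. The Arrange section lies outside this hunk, so this is inferred from the assertions alone. Consider setting an `Access-Control-Request-Headers` value on the request and asserting that `result.AllowedHeaders` holds the same names, and keeping the empty case as a separately named test. A companion case with SupportsCredentials left false would document that reflection is limited to credentialed policies.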
|
||||
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@
|
|||
<handlers>
|
||||
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
|
||||
</handlers>
|
||||
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
|
||||
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false">
|
||||
<environmentVariables />
|
||||
</aspNetCore>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||