Fix cors with creds (#193)
This commit is contained in:
parent
50dff844b2
commit
aa88f16b08
|
|
@ -136,10 +136,17 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
result.SupportsCredentials = policy.SupportsCredentials;
|
result.SupportsCredentials = policy.SupportsCredentials;
|
||||||
result.PreflightMaxAge = policy.PreflightMaxAge;
|
result.PreflightMaxAge = policy.PreflightMaxAge;
|
||||||
|
|
||||||
|
// https://fetch.spec.whatwg.org/#http-new-header-syntax
|
||||||
AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders);
|
AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders);
|
||||||
AddHeaderValues(result.AllowedMethods, policy.Methods);
|
|
||||||
AddHeaderValues(result.AllowedHeaders, policy.Headers);
|
var allowedMethods = policy.AllowAnyMethod && policy.SupportsCredentials ?
|
||||||
|
new[] { result.IsPreflightRequest ? (string)context.Request.Headers[CorsConstants.AccessControlRequestMethod] : context.Request.Method }
|
||||||
|
: policy.Methods;
|
||||||
|
AddHeaderValues(result.AllowedMethods, allowedMethods);
|
||||||
|
|
||||||
|
var allowedHeaders = policy.AllowAnyHeader && policy.SupportsCredentials ?
|
||||||
|
context.Request.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders) : policy.Headers;
|
||||||
|
AddHeaderValues(result.AllowedHeaders, allowedHeaders);
|
||||||
}
|
}
|
||||||
|
|
||||||
public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
|
public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ const corsServerPath = `http://${hostname}:9000`;
|
||||||
|
|
||||||
// e.g., npm test --debug
|
// e.g., npm test --debug
|
||||||
// In debug mode we show the editor, slow down operations, and increase the timeout for each test
|
// In debug mode we show the editor, slow down operations, and increase the timeout for each test
|
||||||
const debug = process.env.npm_config_debug || false;
|
let debug = process.env.npm_config_debug || false;
|
||||||
jest.setTimeout(debug ? 60000 : 30000);
|
jest.setTimeout(debug ? 60000 : 30000);
|
||||||
|
|
||||||
let browser;
|
let browser;
|
||||||
|
|
@ -38,8 +38,8 @@ describe('Browser is initialized', () => {
|
||||||
test('no errors on launch', () => {
|
test('no errors on launch', () => {
|
||||||
expect(error).toBeUndefined();
|
expect(error).toBeUndefined();
|
||||||
expect(browser).toBeDefined();
|
expect(browser).toBeDefined();
|
||||||
})
|
});
|
||||||
})
|
});
|
||||||
|
|
||||||
describe('CORS allowed origin tests ', () => {
|
describe('CORS allowed origin tests ', () => {
|
||||||
const testPagePath = `http://${hostname}:9001/`;
|
const testPagePath = `http://${hostname}:9001/`;
|
||||||
|
|
@ -176,7 +176,11 @@ describe('CORS allowed origin tests ', () => {
|
||||||
test('allows Preflighted request with credentials', async () => {
|
test('allows Preflighted request with credentials', async () => {
|
||||||
const result = await page.evaluate(async (corsServerPath) => {
|
const result = await page.evaluate(async (corsServerPath) => {
|
||||||
const url = `${corsServerPath}/allow-credentials`;
|
const url = `${corsServerPath}/allow-credentials`;
|
||||||
const options = { method: 'PUT', mode: 'cors', credentials: 'include' };
|
const options = {
|
||||||
|
method: 'PUT', mode: 'cors', credentials: 'include', headers: new Headers({
|
||||||
|
'X-Custom-Header': 'X-Custom-Value'
|
||||||
|
})
|
||||||
|
};
|
||||||
|
|
||||||
const response = await fetch(url, options);
|
const response = await fetch(url, options);
|
||||||
return response.status;
|
return response.status;
|
||||||
|
|
|
||||||
|
|
@ -192,7 +192,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task PreFlight_WithCredentialsAllowed_ReturnsWildcardValues()
|
public async Task PreFlight_WithCredentialsAllowed_ReflectsRequestHeaders()
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var policy = new CorsPolicyBuilder(OriginUrl)
|
var policy = new CorsPolicyBuilder(OriginUrl)
|
||||||
|
|
@ -240,12 +240,12 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
kvp =>
|
kvp =>
|
||||||
{
|
{
|
||||||
Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key);
|
Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key);
|
||||||
Assert.Equal(new[] { "*" }, kvp.Value);
|
Assert.Equal(new[] { "X-Test1,X-Test2" }, kvp.Value);
|
||||||
},
|
},
|
||||||
kvp =>
|
kvp =>
|
||||||
{
|
{
|
||||||
Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key);
|
Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key);
|
||||||
Assert.Equal(new[] { "*" }, kvp.Value);
|
Assert.Equal(new[] { "PUT" }, kvp.Value);
|
||||||
},
|
},
|
||||||
kvp =>
|
kvp =>
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -492,7 +492,6 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
policy.Origins.Add(CorsConstants.AnyOrigin);
|
policy.Origins.Add(CorsConstants.AnyOrigin);
|
||||||
policy.Methods.Add("*");
|
policy.Methods.Add("*");
|
||||||
policy.Headers.Add("*");
|
policy.Headers.Add("*");
|
||||||
policy.SupportsCredentials = true;
|
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||||
|
|
@ -527,7 +526,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public void EvaluatePolicy_PreflightRequest_WithCredentials_ReturnsWildCard()
|
public void EvaluatePolicy_PreflightRequest_WithCredentials_ReflectsHeaders()
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var corsService = GetCorsService();
|
var corsService = GetCorsService();
|
||||||
|
|
@ -543,8 +542,8 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.NotNull(result);
|
Assert.NotNull(result);
|
||||||
Assert.Equal(new[] { "*" }, result.AllowedMethods);
|
Assert.Equal(new[] { "PUT" }, result.AllowedMethods);
|
||||||
Assert.Equal(new[] { "*" }, result.AllowedHeaders);
|
Assert.Empty(result.AllowedHeaders);
|
||||||
Assert.True(result.SupportsCredentials);
|
Assert.True(result.SupportsCredentials);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,8 @@
|
||||||
<handlers>
|
<handlers>
|
||||||
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
|
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
|
||||||
</handlers>
|
</handlers>
|
||||||
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false" />
|
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false">
|
||||||
|
<environmentVariables />
|
||||||
|
</aspNetCore>
|
||||||
</system.webServer>
|
</system.webServer>
|
||||||
</configuration>
|
</configuration>
|
||||||
Loading…
Reference in New Issue