Custom CORS-like middleware to allow wildcard origin in test app (#3292)

This commit is contained in:
BrennanConroy 2018-11-12 09:06:51 -08:00 committed by GitHub
parent a9def470e3
commit b476df9acd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 15 deletions

View File

@ -26,7 +26,6 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="$(MicrosoftAspNetCoreAuthenticationJwtBearerPackageVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="$(MicrosoftAspNetCoreCorsPackageVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="$(MicrosoftAspNetCoreDiagnosticsPackageVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Server.IISIntegration" Version="$(MicrosoftAspNetCoreServerIISIntegrationPackageVersion)" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" /> <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />

View File

@ -13,7 +13,9 @@ using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Connections; using Microsoft.AspNetCore.Http.Connections;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;
using Microsoft.IdentityModel.Tokens; using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;
using Newtonsoft.Json; using Newtonsoft.Json;
using Newtonsoft.Json.Linq; using Newtonsoft.Json.Linq;
using Newtonsoft.Json.Serialization; using Newtonsoft.Json.Serialization;
@ -32,15 +34,13 @@ namespace FunctionalTests
{ {
options.EnableDetailedErrors = true; options.EnableDetailedErrors = true;
}) })
.AddJsonProtocol(options => .AddJsonProtocol(options =>
{ {
// we are running the same tests with JSON and MsgPack protocols and having // we are running the same tests with JSON and MsgPack protocols and having
// consistent casing makes it cleaner to verify results // consistent casing makes it cleaner to verify results
options.PayloadSerializerSettings.ContractResolver = new DefaultContractResolver(); options.PayloadSerializerSettings.ContractResolver = new DefaultContractResolver();
}) })
.AddMessagePackProtocol(); .AddMessagePackProtocol();
services.AddCors();
services.AddAuthorization(options => services.AddAuthorization(options =>
{ {
@ -90,12 +90,36 @@ namespace FunctionalTests
app.UseFileServer(); app.UseFileServer();
app.UseCors(policyBuilder => // Custom CORS to allow any origin + credentials (which isn't allowed by the CORS spec)
// This is for testing purposes only (karma hosts the client on its own server), never do this in production
app.Use((context, next) =>
{ {
policyBuilder.AllowAnyOrigin() var originHeader = context.Request.Headers[HeaderNames.Origin];
.AllowAnyHeader() if (!StringValues.IsNullOrEmpty(originHeader))
.AllowAnyMethod() {
.AllowCredentials(); context.Response.Headers[HeaderNames.AccessControlAllowOrigin] = originHeader;
context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
var requestMethod = context.Request.Headers[HeaderNames.AccessControlRequestMethod];
if (!StringValues.IsNullOrEmpty(requestMethod))
{
context.Response.Headers[HeaderNames.AccessControlAllowMethods] = requestMethod;
}
var requestHeaders = context.Request.Headers[HeaderNames.AccessControlRequestHeaders];
if (!StringValues.IsNullOrEmpty(requestHeaders))
{
context.Response.Headers[HeaderNames.AccessControlAllowHeaders] = requestHeaders;
}
}
if (string.Equals(context.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase))
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return Task.CompletedTask;
}
return next.Invoke();
}); });
app.UseConnections(routes => app.UseConnections(routes =>