From db5730df07bb81e1953859e4adda6e2d5f38fee0 Mon Sep 17 00:00:00 2001 From: gentoo90 Date: Tue, 10 Dec 2024 20:17:54 +0200 Subject: [PATCH] fix: cors error if `BasePath` is set Duendes `.UseIdentityServer()` uses the `BasePath` set by `app.UsePathBase()` which works properly with CORS unlike `BasePathMiddleware` and `.UseWhen()`. --- e2e/tests/base-path.spec.ts | 10 +++++++++ src/Middlewares/BasePathMiddleware.cs | 32 --------------------------- src/Program.cs | 15 ++----------- 3 files changed, 12 insertions(+), 45 deletions(-) delete mode 100644 src/Middlewares/BasePathMiddleware.cs diff --git a/e2e/tests/base-path.spec.ts b/e2e/tests/base-path.spec.ts index 3ef7e89..889a699 100644 --- a/e2e/tests/base-path.spec.ts +++ b/e2e/tests/base-path.spec.ts @@ -19,6 +19,16 @@ describe('Base path', () => { expect(result).toHaveProperty('token_endpoint', process.env.OIDC_TOKEN_URL_WITH_BASE_PATH); }); + test('CORS', async () => { + const origin = 'https://google.com'; + const response = await fetch(process.env.OIDC_DISCOVERY_ENDPOINT_WITH_BASE_PATH, { + headers: { + origin, + }, + }); + expect(response.headers.get('access-control-allow-origin')).toEqual(origin); + }); + test('Token Endpoint', async () => { if (!client) throw new Error('Client not found'); diff --git a/src/Middlewares/BasePathMiddleware.cs b/src/Middlewares/BasePathMiddleware.cs deleted file mode 100644 index 63c1255..0000000 --- a/src/Middlewares/BasePathMiddleware.cs +++ /dev/null @@ -1,32 +0,0 @@ -using Duende.IdentityServer.Extensions; -using Duende.IdentityServer.Configuration; -using Duende.IdentityServer.Services; - -#pragma warning disable 1591 - -namespace OpenIdConnectServer.Middlewares -{ - public class BasePathMiddleware - { - private readonly RequestDelegate _next; - private readonly IdentityServerOptions _options; - - public BasePathMiddleware(RequestDelegate next, IdentityServerOptions options) - { - _next = next; - _options = options; - } - - public async Task Invoke(HttpContext context) - { - var basePath = Config.GetAspNetServicesOptions().BasePath; - var request = context.Request; - if(request.Path.Value?.Length > basePath.Length) - { - request.Path = request.Path.Value.Substring(basePath.Length); - context.RequestServices.GetRequiredService().BasePath = basePath; - } - await _next(context); - } - } -} diff --git a/src/Program.cs b/src/Program.cs index 1f20854..0f87d5f 100644 --- a/src/Program.cs +++ b/src/Program.cs @@ -1,9 +1,7 @@ -using Duende.IdentityServer.Hosting; -using Microsoft.Extensions.FileProviders; +using Microsoft.Extensions.FileProviders; using OpenIdConnectServer; using OpenIdConnectServer.Helpers; using OpenIdConnectServer.JsonConverters; -using OpenIdConnectServer.Middlewares; using OpenIdConnectServer.Services; using OpenIdConnectServer.Validation; using Serilog; @@ -53,6 +51,7 @@ var app = builder.Build(); +app.UsePathBase(Config.GetAspNetServicesOptions().BasePath); var aspNetServicesOptions = Config.GetAspNetServicesOptions(); AspNetServicesHelper.ConfigureAspNetServices(builder.Services, aspNetServicesOptions); @@ -65,16 +64,6 @@ app.UseIdentityServer(); -var basePath = Config.GetAspNetServicesOptions().BasePath; -if (!string.IsNullOrEmpty(basePath)) -{ - app.UseWhen(ctx => ctx.Request.Path.StartsWithSegments(basePath), appBuilder => - { - appBuilder.UseMiddleware(); - appBuilder.UseMiddleware(); - }); -} - app.UseHttpsRedirection(); var manifestEmbeddedProvider = new ManifestEmbeddedFileProvider(typeof(Program).Assembly, "wwwroot");