From 7634943efb96f792d2671633b57a4973fcbb242a Mon Sep 17 00:00:00 2001 From: Nishchal Date: Tue, 28 Jul 2020 17:43:03 +0700 Subject: [PATCH 1/2] feat(cors): add ability to setup cors --- Feature.Manager.Api/Configs/CorsConfig.cs | 12 ++++++ Feature.Manager.Api/Startup.cs | 6 ++- Feature.Manager.Api/StartupExtensions/Cors.cs | 41 +++++++++++++++++++ Feature.Manager.Api/appsettings.json | 8 +++- 4 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 Feature.Manager.Api/Configs/CorsConfig.cs create mode 100644 Feature.Manager.Api/StartupExtensions/Cors.cs diff --git a/Feature.Manager.Api/Configs/CorsConfig.cs b/Feature.Manager.Api/Configs/CorsConfig.cs new file mode 100644 index 0000000..ee280b3 --- /dev/null +++ b/Feature.Manager.Api/Configs/CorsConfig.cs @@ -0,0 +1,12 @@ +using System.Collections.Generic; + +namespace Feature.Manager.Api.Configs +{ + public class CorsConfig + { + public IEnumerable Origins { set; get; } + public IEnumerable Headers { set; get; } + public bool AllowCredentials { set; get; } + public string PolicyToUse { set; get; } + } +} diff --git a/Feature.Manager.Api/Startup.cs b/Feature.Manager.Api/Startup.cs index 44e7dac..6caf674 100644 --- a/Feature.Manager.Api/Startup.cs +++ b/Feature.Manager.Api/Startup.cs @@ -1,10 +1,12 @@ using System.Text.Json.Serialization; +using Feature.Manager.Api.Configs; using Feature.Manager.Api.StartupExtensions; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; +using Microsoft.Extensions.Options; namespace Feature.Manager.Api { @@ -28,18 +30,20 @@ public void ConfigureServices(IServiceCollection services) { x.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter()); }); + services.SetupCors(Configuration.GetSection("CorsConfig").Get()); services.ConfigureSwagger(); services.RegisterWorker(); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. - public void Configure(IApplicationBuilder app, IWebHostEnvironment env) + public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptions corsConfig) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRouting(); + app.UseCorsPolicy(corsConfig.Value); app.UseAuthorization(); app.AddSwaggerWithUi(); app.UseEndpoints(endpoints => diff --git a/Feature.Manager.Api/StartupExtensions/Cors.cs b/Feature.Manager.Api/StartupExtensions/Cors.cs new file mode 100644 index 0000000..03ee215 --- /dev/null +++ b/Feature.Manager.Api/StartupExtensions/Cors.cs @@ -0,0 +1,41 @@ +using System.Linq; +using Feature.Manager.Api.Configs; +using Microsoft.AspNetCore.Builder; +using Microsoft.Extensions.DependencyInjection; + +namespace Feature.Manager.Api.StartupExtensions +{ + public static class Cors + { + public static void SetupCors(this IServiceCollection services, CorsConfig config) + { + services.AddCors(x => + { + x.AddPolicy("development", builder => + { + builder + .AllowAnyOrigin() + .AllowAnyHeader() + .AllowAnyMethod(); + }); + x.AddPolicy("production", builder => + { + builder.WithOrigins(config.Origins.ToArray()) + .WithMethods(config.Headers.ToArray()) + .AllowAnyMethod(); + if (!config.AllowCredentials) + { + builder.DisallowCredentials(); + return; + } + builder.AllowCredentials(); + }); + }); + } + + public static void UseCorsPolicy(this IApplicationBuilder app, CorsConfig config) + { + app.UseCors(config.PolicyToUse); + } + } +} diff --git a/Feature.Manager.Api/appsettings.json b/Feature.Manager.Api/appsettings.json index 5cc2a42..55b66bb 100644 --- a/Feature.Manager.Api/appsettings.json +++ b/Feature.Manager.Api/appsettings.json @@ -23,5 +23,11 @@ "Database": "monitoring" } }, - "AllowedHosts": "*" + "AllowedHosts": "*", + "CorsConfig": { + "Origins": ["*"], + "Headers": ["x-client-version"], + "AllowCredentials": false, + "PolicyToUse": "development" + } } From a2f9759782b85b1ad0a7b445f8be66cb89cb836d Mon Sep 17 00:00:00 2001 From: Nishchal Date: Tue, 28 Jul 2020 17:57:53 +0700 Subject: [PATCH 2/2] chore(cors): add cors config --- Feature.Manager.Api/Startup.cs | 4 ++-- Feature.Manager.Api/StartupExtensions/Configuration.cs | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Feature.Manager.Api/Startup.cs b/Feature.Manager.Api/Startup.cs index 6caf674..57e3146 100644 --- a/Feature.Manager.Api/Startup.cs +++ b/Feature.Manager.Api/Startup.cs @@ -30,9 +30,9 @@ public void ConfigureServices(IServiceCollection services) { x.JsonSerializerOptions.Converters.Add(new JsonStringEnumConverter()); }); - services.SetupCors(Configuration.GetSection("CorsConfig").Get()); services.ConfigureSwagger(); services.RegisterWorker(); + services.SetupCors(Configuration.GetSection("CorsConfig").Get()); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. @@ -42,8 +42,8 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptions { app.UseDeveloperExceptionPage(); } - app.UseRouting(); app.UseCorsPolicy(corsConfig.Value); + app.UseRouting(); app.UseAuthorization(); app.AddSwaggerWithUi(); app.UseEndpoints(endpoints => diff --git a/Feature.Manager.Api/StartupExtensions/Configuration.cs b/Feature.Manager.Api/StartupExtensions/Configuration.cs index 5e685c1..d1f71d0 100644 --- a/Feature.Manager.Api/StartupExtensions/Configuration.cs +++ b/Feature.Manager.Api/StartupExtensions/Configuration.cs @@ -9,6 +9,7 @@ public static class Configuration public static void AddConfiguration(this IServiceCollection services, IConfiguration configuration) { services.Configure(configuration.GetSection("DatabaseConfig")); + services.Configure(configuration.GetSection("CorsConfig")); } } }