master
bicijinlian 4 years ago
parent ddb4f82dbd
commit fafa5ae02a

@ -8,23 +8,33 @@ namespace CorsServer.WebApi31
public class CorsOption
{
/// <summary>
/// 允许跨域的域名列表
/// 允许跨域的请求来源
/// </summary>
public List<string> Origins { get; set; }
/// <summary>
/// 允许跨域的方法
/// 允许跨域的HTTP方法
/// </summary>
public List<string> Methods { get; set; }
/// <summary>
/// 允许跨域的请求头
/// 允许跨域的HTTP请求头
/// </summary>
public List<string> Headers { get; set; }
/// <summary>
/// 允许跨域的ExposedHeader
/// 公开的非简单响应标头
/// </summary>
public List<string> ExposedHeaders { get; set; }
/// <summary>
/// 允许跨域请求中的凭据
/// </summary>
public bool AllowCredentials { get; set; }
/// <summary>
/// 预检过期时间
/// </summary>
public TimeSpan PreflightMaxAge { get; set; }
}
}

@ -16,7 +16,7 @@ namespace CorsServer.WebApi31
{
public class Startup
{
public Startup(IConfiguration configuration,IHostEnvironment hostingEnvironment,IWebHostEnvironment webHostEnvironment)
public Startup(IConfiguration configuration, IHostEnvironment hostingEnvironment, IWebHostEnvironment webHostEnvironment)
{
Configuration = configuration;
}
@ -25,9 +25,9 @@ namespace CorsServer.WebApi31
public void ConfigureServices(IServiceCollection services)
{
#region Config
//Config
services.Configure<CorsOption>(Configuration.GetSection("CORS"));
#endregion
#region CORS
AddCors_Test(services);
//AddCors_2(services);
@ -60,51 +60,6 @@ namespace CorsServer.WebApi31
});
}
/// <summary>
/// 全部设置项说明
/// </summary>
private IServiceCollection AddCors_Info(IServiceCollection services)
{
services.AddCors(setup =>
{
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
{
build
//请求来源
.AllowAnyOrigin() //允许任何请求来源
//.WithOrigins() //允许指定请求来源
.SetIsOriginAllowed(_ => true) //使用Func<string bool> 委托方法,确定是否允许请求源跨域
.SetIsOriginAllowedToAllowWildcardSubdomains() //允许请求源中使用通配符(*等)
//请求方法(POST GET PUT DELETE OPTIONS等)
.AllowAnyMethod() //允许所有方法
//.WithMethods() //允许指定方法
//请求头
.AllowAnyHeader() //允许所有请求头
//.WithHeaders() //允许指定请求头
//凭据
.AllowCredentials() //允许凭据:证书中包含缓存(cookies)和HTTP验证协议(HTTP authentication schemes)
//.DisallowCredentials() //拒绝凭据
//.WithExposedHeaders() //设置暴露的自定义响应头(默认情况下,浏览器只会暴露默认的响应头给应用,其它自定义影响头不会暴露给应用程序)
;
/*
.net core 2.1, AllowAnyOrigin() AllowCredentials() 使
1使AllowCredentials().SetIsOriginAllowed(_ => true) AllowAnyOrigin()
2使AllowCredentials() WithOrigins()(使SetIsOriginAllowedToAllowWildcardSubdomains()) AllowAnyOrigin()
3
*/
});
});
return services;
}
/// <summary>
/// CORS 模板
/// </summary>
@ -118,8 +73,10 @@ namespace CorsServer.WebApi31
build
//请求来源
//方法1所有请求源
.AllowAnyOrigin()
//.WithOrigins(corsOption.Origins.ToArray())
//方法2lamda方法中自定义
//.SetIsOriginAllowed(requestOrigin =>
//{
// //请求源(请求的协议+主机+端口号,比如 http://wwwww.xxxx.com:80)
@ -129,6 +86,10 @@ namespace CorsServer.WebApi31
// return true;
//})
//方法3WithOrigins方法参数自定义
//.WithOrigins(corsOption.Origins.ToArray())
//允许在WithOrigins方法中使用通配符(*等)
//.SetIsOriginAllowedToAllowWildcardSubdomains()
//请求方法(POST GET PUT DELETE OPTIONS等)
@ -144,6 +105,7 @@ namespace CorsServer.WebApi31
//.DisallowCredentials()
//.WithExposedHeaders()
//.SetPreflightMaxAge(TimeSpan.FromMinutes(10))
;
});
});
@ -151,6 +113,57 @@ namespace CorsServer.WebApi31
return services;
}
/// <summary>
/// 全部设置项说明
/// </summary>
private IServiceCollection AddCors_Info(IServiceCollection services)
{
services.AddCors(setup =>
{
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
{
build
//设置允许跨域的请求来源
.AllowAnyOrigin() //允许任何请求来源
//.SetIsOriginAllowed(_=> true) //使用Func<string bool> 委托方法,自定义是否允许请求源跨域
//.WithOrigins() //允许指定请求来源
//.SetIsOriginAllowedToAllowWildcardSubdomains() //允许WithOrigins()方法,在请求源中使用通配符(*等)
//设置允许跨域的HTTP方法(POST GET PUT DELETE OPTIONS等)
.AllowAnyMethod() //允许所有方法
//.WithMethods() //允许指定方法
//设置允许跨域的请求标头
.AllowAnyHeader() //允许所有请求头
//.WithHeaders() //允许指定请求头
//跨域请求中的凭据
.AllowCredentials() //允许凭据:证书中包含缓存(cookies)和HTTP验证协议(HTTP authentication schemes)
//.DisallowCredentials() //拒绝凭据
//设置公开的非简单响应标头 /设置暴露的自定义响应头(默认情况下,浏览器只会暴露默认的响应头给应用,其它自定义影响头不会暴露给应用程序)
.WithExposedHeaders("x-custom-a", "x-custom-b")
//设置预检过期时间
.SetPreflightMaxAge(TimeSpan.FromMinutes(10)) //此标头指定可缓存对预检请求的响应的时间长度
;
/*
.net core 2.1, AllowAnyOrigin() AllowCredentials() 使
1使AllowCredentials().SetIsOriginAllowed(_ => true) AllowAnyOrigin()
2使AllowCredentials() WithOrigins()(使SetIsOriginAllowedToAllowWildcardSubdomains()) AllowAnyOrigin()
3
*/
});
});
return services;
}
#region 注册不同的Cors策略
/// <summary>
/// 测试
/// </summary>
@ -165,7 +178,7 @@ namespace CorsServer.WebApi31
//请求来源
//.AllowAnyOrigin()
//.WithOrigins()
.SetIsOriginAllowed(requestOrigin =>
.SetIsOriginAllowed(requestOrigin =>
{
var cc = requestOrigin;
return true;
@ -202,16 +215,16 @@ namespace CorsServer.WebApi31
//请求来源
.AllowAnyOrigin()
//.WithOrigins()
//.SetIsOriginAllowed(_ => true)
//.SetIsOriginAllowedToAllowWildcardSubdomains()
//.WithOrigins()
//.SetIsOriginAllowed(_ => true)
//.SetIsOriginAllowedToAllowWildcardSubdomains()
//请求方法(POST GET PUT DELETE OPTIONS等)
//.AllowAnyMethod()
//.WithMethods()
//请求方法(POST GET PUT DELETE OPTIONS等)
//.AllowAnyMethod()
//.WithMethods()
//请求头
//.AllowAnyHeader()
//请求头
//.AllowAnyHeader()
//.WithHeaders()
//凭据
@ -294,5 +307,74 @@ namespace CorsServer.WebApi31
return services;
}
private IServiceCollection AddCors_Config(IServiceCollection services)
{
services.AddCors(setup =>
{
var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, builder =>
{
if (corsOption.Origins == null)
{
builder.SetIsOriginAllowed(_ => true);
}
else if (corsOption.Origins.Count == 0)
{
builder.SetIsOriginAllowed(_ => true);
}
else if (corsOption.Origins.Contains("*"))
{
builder.SetIsOriginAllowed(_ => true);
}
else
{
builder.WithOrigins(corsOption.Origins.ToArray());
builder.SetIsOriginAllowedToAllowWildcardSubdomains();
}
if (corsOption.Methods == null || corsOption.Methods.Count == 0)
{
builder.AllowAnyMethod();
}
else
{
builder.WithMethods(corsOption.Methods.ToArray());
}
if (corsOption.Headers == null || corsOption.Headers.Count == 0)
{
builder.AllowAnyHeader();
}
else
{
builder.WithMethods(corsOption.Headers.ToArray());
}
if (corsOption.ExposedHeaders != null && corsOption.ExposedHeaders.Count > 0)
{
builder.WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
}
if (corsOption.AllowCredentials)
{
builder.AllowCredentials();
}
else
{
builder.DisallowCredentials();
}
if (corsOption.PreflightMaxAge.TotalSeconds > 0)
{
builder.SetPreflightMaxAge(corsOption.PreflightMaxAge);
}
});
});
return services;
}
#endregion
}
}
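Review bot: In `AddCors_Config`, a null, empty or `"*"` `Origins` setting all end in `builder.SetIsOriginAllowed(_ => true)`, and the same policy later calls `builder.AllowCredentials()` whenever the config flag is true. A deployment that omits `Origins` and enables credentials therefore accepts every requesting origin with credentials allowed. The framework rejects `AllowAnyOrigin()` combined with `AllowCredentials()` when the policy is built, but the always-true predicate sidesteps that check. I would map `"*"` to `AllowAnyOrigin()` and treat a missing or empty list as a configuration error (or as no cross-origin access) rather than as allow-all. The identical method added in the new `StartupConfig` class needs the same change.

```csharp
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, builder =>
{
    if (corsOption.Origins == null || corsOption.Origins.Count == 0)
    {
        // No origins configured: fail closed instead of allowing every origin.
        throw new InvalidOperationException("CORS:Origins must list at least one origin.");
    }
    if (corsOption.Origins.Contains("*"))
    {
        // AllowAnyOrigin() keeps the framework's check against AllowCredentials() in force.
        builder.AllowAnyOrigin();
    }
    // … unchanged: else branch with WithOrigins(...) and SetIsOriginAllowedToAllowWildcardSubdomains() …
    // … unchanged: methods, headers, exposed headers, credentials, preflight max age …
```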

@ -0,0 +1,127 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace CorsServer.WebApi31
{
public class StartupConfig
{
public StartupConfig(IConfiguration configuration, IHostEnvironment hostingEnvironment, IWebHostEnvironment webHostEnvironment)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
//Config
services.Configure<CorsOption>(Configuration.GetSection("CORS"));
//Cors配置文件选项
AddCors_Config(services);
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptionsSnapshot<CorsOption> corsOtionsSnapshot)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseCors(CorsPolicyNameConst.DefaultPolicyName);
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
#region 注册不同的Cors策略
private IServiceCollection AddCors_Config(IServiceCollection services)
{
services.AddCors(setup =>
{
var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, builder =>
{
if (corsOption.Origins == null)
{
builder.SetIsOriginAllowed(_ => true);
}
else if (corsOption.Origins.Count == 0)
{
builder.SetIsOriginAllowed(_ => true);
}
else if (corsOption.Origins.Contains("*"))
{
builder.SetIsOriginAllowed(_ => true);
}
else
{
builder.WithOrigins(corsOption.Origins.ToArray());
builder.SetIsOriginAllowedToAllowWildcardSubdomains();
}
if (corsOption.Methods == null || corsOption.Methods.Count == 0)
{
builder.AllowAnyMethod();
}
else
{
builder.WithMethods(corsOption.Methods.ToArray());
}
if (corsOption.Headers == null || corsOption.Headers.Count == 0)
{
builder.AllowAnyHeader();
}
else
{
builder.WithMethods(corsOption.Headers.ToArray());
}
if (corsOption.ExposedHeaders != null && corsOption.ExposedHeaders.Count > 0)
{
builder.WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
}
if (corsOption.AllowCredentials)
{
builder.AllowCredentials();
}
else
{
builder.DisallowCredentials();
}
if (corsOption.PreflightMaxAge.TotalSeconds > 0)
{
builder.SetPreflightMaxAge(corsOption.PreflightMaxAge);
}
});
});
return services;
}
#endregion
}
}
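Review bot: The header allow-list is never applied in `AddCors_Config`: the `else` branch for a non-empty `Headers` list calls `builder.WithMethods(corsOption.Headers.ToArray())`, which adds the header names to the policy's methods and leaves the allowed request headers unset. It should read `builder.WithHeaders(corsOption.Headers.ToArray());`, and the copy of this method added to `Startup` has the same line. With the sample settings (`"Headers": [ "*" ]`) the list is non-empty, so this is the branch that runs. Separately, `services.BuildServiceProvider()` inside the `AddCors` callback creates a second container only to read options; `Configuration.GetSection("CORS").Get<CorsOption>()` would read the same values without it.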

@ -0,0 +1,80 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace CorsServer.WebApi31
{
public class StartupDefaultPolicy
{
public StartupDefaultPolicy(IConfiguration configuration, IHostEnvironment hostingEnvironment, IWebHostEnvironment webHostEnvironment)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
//config
services.Configure<CorsOption>(Configuration.GetSection("CORS"));
//Cors
AddDefaultCors(services);
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptionsSnapshot<CorsOption> corsOtionsSnapshot)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//根路径:全局访问前辍 http://www.custom.com/PathBase/
//app.UsePathBase("/api/");
app.UseRouting();
app.UseCors();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
/// <summary>
/// 设置默认策略Cors
/// </summary>
private IServiceCollection AddDefaultCors(IServiceCollection services)
{
services.AddCors(setupCors =>
{
setupCors.AddDefaultPolicy(build =>
{
build
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.SetPreflightMaxAge(TimeSpan.FromMinutes(10))
;
});
});
return services;
}
}
}
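Review bot: `StartupDefaultPolicy` binds the `CORS` section in `ConfigureServices` and takes `IOptionsSnapshot<CorsOption> corsOtionsSnapshot` in `Configure`, but neither is read. `AddDefaultCors` hard-codes `AllowAnyOrigin()`, `AllowAnyMethod()` and `AllowAnyHeader()`, and `app.UseCors()` applies that default policy wherever an endpoint does not name its own. Someone tightening `Origins` in the settings file would see no effect under this startup class. I would drop the unused parameter and binding, and extend the summary on `AddDefaultCors` with something like `/// Demo policy: allows any origin, method and header and ignores the CORS settings section.`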

@ -4,7 +4,9 @@
"Origins": ["*"],
"Methods": [ "*" ],
"Headers": [ "*" ],
"ExposedHeaders": ["x-custom-error"]
"AllowCredentials": false,
"ExposedHeaders": [ "x-custom-error" ],
"PreflightMaxAge": "00:20:30"
},
"Logging": {
"LogLevel": {
