
Always set flag in CorsMiddleware once it executes #9440


Merged
merged 1 commit into from
Apr 16, 2019
7 changes: 3 additions & 4 deletions src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs
@@ -7,7 +7,6 @@
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Endpoints;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Logging.Abstractions;

namespace Microsoft.AspNetCore.Cors.Infrastructure
{
@@ -119,6 +118,9 @@ public CorsMiddleware(
/// <inheritdoc />
public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
{
// Flag to indicate to other systems, that CORS middleware was run for this request
context.Items[CorsMiddlewareInvokedKey] = CorsMiddlewareInvokedValue;

if (!context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
return _next(context);
@@ -137,9 +139,6 @@ private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolic
// fetch policy by name, prioritizing it above policy on middleware
// 3. If there is no policy on middleware then use name on middleware

// Flag to indicate to other systems, e.g. MVC, that CORS middleware was run for this request
context.Items[CorsMiddlewareInvokedKey] = CorsMiddlewareInvokedValue;

var endpoint = context.GetEndpoint();

// Get the most significant CORS metadata for the endpoint
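Review bot: The comment on the flag in `Invoke` should state what the flag now means, because it is set before the `Origin` check and therefore also on requests that go straight to `_next(context)` without any policy lookup. After this change `CorsMiddlewareInvokedKey` records that the middleware was reached, not that a CORS policy was evaluated or that any response headers were written; a consumer that reads it as "CORS was enforced" would be wrong on the no-Origin path. I would reword it along the lines of `// Set unconditionally: records that the middleware ran, not that a CORS policy was evaluated or applied.` Both `Invoke` and `InvokeCore` continue outside the visible hunks.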
23 changes: 23 additions & 0 deletions src/Middleware/CORS/test/UnitTests/CorsMiddlewareTests.cs
@@ -876,5 +876,28 @@ public async Task Invoke_InvokeFlagSet()
// Assert
Assert.Contains(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareInvoked"));
}

[Fact]
public async Task Invoke_WithoutOrigin_InvokeFlagSet()
{
// Arrange
var corsService = Mock.Of<ICorsService>();
var mockProvider = Mock.Of<ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;

var middleware = new CorsMiddleware(
Mock.Of<RequestDelegate>(),
corsService,
loggerFactory,
"DefaultPolicyName");

var httpContext = new DefaultHttpContext();

// Act
await middleware.Invoke(httpContext, mockProvider);

// Assert
Assert.Contains(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareInvoked"));
}
}
}
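Review bot: `Invoke_WithoutOrigin_InvokeFlagSet` asserts only that the key is present, so it would still pass if the no-Origin path began resolving or applying a policy. Since the point of the change is that the flag is set on a path where no policy is evaluated, the test could pin that too, for example with `Mock.Get(mockProvider).Verify(p => p.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()), Times.Never());` and `Assert.Empty(httpContext.Response.Headers);`. That keeps "middleware ran" and "policy applied" visibly separate in the test suite.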
24 changes: 20 additions & 4 deletions src/Mvc/test/Mvc.FunctionalTests/CorsTestsBase.cs
@@ -282,7 +282,7 @@ public async Task DisableCors_PreFlight_ActionsCanOverride_ControllerLevel(strin
}

[Fact]
public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnController()
public async Task Cors_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnController()
{
// Arrange
var url = "http://localhost/api/store/actionusingcontrollercorssettings";
@@ -314,7 +314,7 @@ public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpeci
}

[Fact]
public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnAction()
public async Task Cors_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnAction()
{
// Arrange
var url = "http://localhost/api/store/actionwithcorssettings";
@@ -349,7 +349,7 @@ public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpeci
}

[Fact]
public async Task DisableCorsFilter_RunsBeforeOtherAuthorizationFilters()
public async Task DisableCors_RunsBeforeOtherAuthorizationFilters()
{
// Controller enables authorization and Cors, the action has a DisableCorsAttribute.
// We expect the CorsMiddleware to execute and no-op
@@ -377,7 +377,7 @@ public async Task DisableCorsFilter_RunsBeforeOtherAuthorizationFilters()
}

[Fact]
public async Task CorsFilter_OnAction_PreferredOverController_AndAuthorizationFiltersRunAfterCors()
public async Task Cors_OnAction_PreferredOverController_AndAuthorizationFiltersRunAfterCors()
{
// Arrange
var request = new HttpRequestMessage(
@@ -398,5 +398,21 @@ public async Task CorsFilter_OnAction_PreferredOverController_AndAuthorizationFi
var content = await response.Content.ReadAsStringAsync();
Assert.Empty(content);
}

[Fact]
public async Task Cors_WithoutOriginHeader_Works()
{
// Arrange
var request = new HttpRequestMessage(
HttpMethod.Put,
"http://localhost/Cors/EditUserComment?userComment=abcd");

// Act
var response = await Client.SendAsync(request);

// Assert
await response.AssertStatusCodeAsync(HttpStatusCode.OK);
Assert.Empty(response.Headers);
}
}
}
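Review bot: In `Cors_WithoutOriginHeader_Works`, `Assert.Empty(response.Headers)` checks that the response carries no headers at all, which is broader than the behaviour under test and will fail if the test host ever adds an unrelated header. Asserting on the CORS headers directly states the intent, e.g. `Assert.False(response.Headers.Contains("Access-Control-Allow-Origin"));`. The name could also say what is expected, such as `Cors_WithoutOriginHeader_SucceedsWithoutCorsHeaders`, in place of `_Works`. The other hunks in this file are renames only.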