CorsStudy/CorsServer/CorsServer.WebApi31/Startup.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace CorsServer.WebApi31
{
    public class Startup
    {
        public Startup(IConfiguration configuration, IHostEnvironment hostingEnvironment, IWebHostEnvironment webHostEnvironment)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            //Config
            services.Configure<CorsOption>(Configuration.GetSection(ApplicationConst.CorsConfigOptionName));

            #region  CORS
            AddCors_Config(services);
            //AddCors_Test(services);
            //AddCors_2(services);
            //AddCors_3(services);
            //AddCors_4(services);
            //AddCors_5(services);
            #endregion
            services.AddControllers();
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptionsSnapshot<CorsOption> corsOtionsSnapshot)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                //app.UseDatabaseErrorPage();
            }
            else
            {
                //app.UseExceptionHandler("/Error");
                //app.UseHsts();
            }

            // app.UseHttpsRedirection();

            #region ѹ<><D1B9><EFBFBD>Ͱ<EFBFBD><CDB0>ھ<EFBFBD>̬<EFBFBD>ļ<EFBFBD>
            // app.UseResponseCompression();
            // app.UseResponseCaching();
            #endregion

            // app.UseStaticFiles();

            // app.UseCookiePolicy();

            // <20><>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ȫ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD>ǰ<EFBFBD><C7B0> http://www.custom.com/PathBase/
            // app.UsePathBase("/api/");

            app.UseRouting();

            // app.UseRequestLocalization();

            // UseRouting() <20><> UseAuthentication()֮<><D6AE>
            // <20>м<EFBFBD><D0BC><EFBFBD>˳<EFBFBD><CBB3> https://docs.microsoft.com/zh-cn/aspnet/core/fundamentals/middleware/?view=aspnetcore-6.0#middleware-order
            app.UseCors(ApplicationConst.DefaultPolicyName);

            //app.UseAuthentication();

            app.UseAuthorization();

            //<2F><><EFBFBD><EFBFBD> Cookie<69><65><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><D0BC><EFBFBD>֮<EFBFBD><D6AE><EFBFBD><EFBFBD> MVC<56>м<EFBFBD><D0BC><EFBFBD>֮ǰ<D6AE><C7B0><EFBFBD>ûỰ<C3BB>м<EFBFBD><D0BC><EFBFBD><EFBFBD><EFBFBD>
            // app.UseSession();

            // app.UseResponseCompression();

            // app.UseResponseCaching();

            //<2F>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD>м<EFBFBD><D0BC><EFBFBD>

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }

        /// <summary>
        /// CORS ģ<><C4A3>
        /// </summary>
        private IServiceCollection AddCors_Template(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
                setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
                {
                    build

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    //<2F><><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    .AllowAnyOrigin()

                    //<2F><><EFBFBD><EFBFBD>2<EFBFBD><32>lamda<64><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>
                    //.SetIsOriginAllowed(requestOrigin => 
                    //{
                    //    //<2F><><EFBFBD><EFBFBD>Դ(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD><D0AD>+<2B><><EFBFBD><EFBFBD>+<2B>˿ںţ<DABA><C5A3><EFBFBD><EFBFBD><EFBFBD> http://wwwww.xxxx.com:80)
                    //    var address = requestOrigin;

                    //    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD>й<EFBFBD><D0B9><EFBFBD>

                    //    return true;
                    //})

                    //<2F><><EFBFBD><EFBFBD>3<EFBFBD><33>WithOrigins<6E><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>
                    //.WithOrigins(corsOption.Origins.ToArray())
                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>WithOrigins<6E><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʹ<EFBFBD><CAB9>ͨ<EFBFBD><CDA8><EFBFBD><EFBFBD>(*<2A><>)
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()

                    //<2F><><EFBFBD>󷽷<EFBFBD>(POST GET PUT DELETE OPTIONS<4E><53>)
                    .AllowAnyMethod()
                    //.WithMethods(corsOption.Methods.ToArray())

                    //<2F><><EFBFBD><EFBFBD>ͷ
                    .AllowAnyHeader()
                    //.WithHeaders(corsOption.Headers.ToArray())

                    //ƾ<><C6BE>
                    //.AllowCredentials()
                    //.DisallowCredentials()

                    //.WithExposedHeaders()
                    //.SetPreflightMaxAge(TimeSpan.FromMinutes(10))
                   ;
                });
            });

            return services;
        }

        /// <summary>
        /// ȫ<><C8AB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˵<EFBFBD><CBB5>
        /// </summary>
        private IServiceCollection AddCors_Info(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
                {
                    build

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    .AllowAnyOrigin()                                   //<2F><><EFBFBD><EFBFBD><EFBFBD>κ<EFBFBD><CEBA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    //.SetIsOriginAllowed(_=> true)                    //ʹ<><CAB9>Func<string bool> ί<>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4><EFBFBD><EFBFBD>
                    //.WithOrigins()                                    //<2F><><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()    //<2F><><EFBFBD><EFBFBD>WithOrigins()<29><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ<EFBFBD><D4B4>ʹ<EFBFBD><CAB9>ͨ<EFBFBD><CDA8><EFBFBD><EFBFBD>(*<2A><>) 

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>HTTP<54><50><EFBFBD><EFBFBD>(POST GET PUT DELETE OPTIONS<4E><53>)
                    .AllowAnyMethod()                                   //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>з<EFBFBD><D0B7><EFBFBD>
                    //.WithMethods()                                    //<2F><><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ
                    .AllowAnyHeader()                                   //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ
                                                                        //.WithHeaders()                                    //<2F><><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͷ

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ƾ<EFBFBD><C6BE>
                    .AllowCredentials()                                 //<2F><><EFBFBD><EFBFBD>ƾ<EFBFBD>ݣ<EFBFBD>֤<EFBFBD><D6A4><EFBFBD>а<EFBFBD><D0B0><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(cookies)<29><>HTTP<54><50>֤Э<D6A4><D0AD>(HTTP authentication schemes)
                    //.DisallowCredentials()                            //<2F>ܾ<EFBFBD>ƾ<EFBFBD><C6BE>

                    //<2F><><EFBFBD>ù<EFBFBD><C3B9><EFBFBD><EFBFBD>ķǼ<C4B7><C7BC><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>ͷ                          /<2F><><EFBFBD>ñ<EFBFBD>¶<EFBFBD><C2B6><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD>Ӧͷ<D3A6><CDB7>Ĭ<EFBFBD><C4AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD><C2A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֻ<EFBFBD>ᱩ¶Ĭ<C2B6>ϵ<EFBFBD><CFB5><EFBFBD>Ӧͷ<D3A6><CDB7>Ӧ<EFBFBD>ã<EFBFBD><C3A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><D4B6><EFBFBD>Ӱ<EFBFBD><D3B0>ͷ<EFBFBD><CDB7><EFBFBD>ᱩ¶<E1B1A9><C2B6>Ӧ<EFBFBD>ó<EFBFBD><C3B3><EFBFBD><EFBFBD><EFBFBD>
                    .WithExposedHeaders("x-custom-a", "x-custom-b")

                    //<2F><><EFBFBD><EFBFBD>Ԥ<EFBFBD><D4A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>
                    .SetPreflightMaxAge(TimeSpan.FromMinutes(10))  //<2F>˱<EFBFBD>ͷָ<CDB7><D6B8><EFBFBD>ɻ<EFBFBD><C9BB><EFBFBD><EFBFBD><EFBFBD>Ԥ<EFBFBD><D4A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>ʱ<EFBFBD>䳤<EFBFBD><E4B3A4>
                    ;

                    /*<EFBFBD>ر<EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD><EFBFBD>
                      <EFBFBD><EFBFBD><EFBFBD>ڰ<EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD>ǣ<EFBFBD>.net core 2.1<EFBFBD><EFBFBD>ʼ, AllowAnyOrigin() <EFBFBD><EFBFBD> AllowCredentials() <EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬʱʹ<EFBFBD><EFBFBD>
                      <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
                                1<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>AllowCredentials()ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>.SetIsOriginAllowed(_ => true) <EFBFBD><EFBFBD><EFBFBD><EFBFBD> AllowAnyOrigin()
                                2<EFBFBD><EFBFBD>ʹ<EFBFBD><EFBFBD>AllowCredentials()ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD> WithOrigins()ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ(ʹ<EFBFBD><EFBFBD>SetIsOriginAllowedToAllowWildcardSubdomains()<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>) <EFBFBD><EFBFBD><EFBFBD><EFBFBD> AllowAnyOrigin()
                                3<EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD><EFBFBD><EFBFBD>
                     */
                });
            });

            return services;
        }

        #region ע<>᲻ͬ<E1B2BB><CDAC>Cors<72><73><EFBFBD><EFBFBD>

        /// <summary>
        /// <20><><EFBFBD><EFBFBD>
        /// </summary>
        private IServiceCollection AddCors_Test(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
                {
                    build

                    //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                    //.AllowAnyOrigin()
                    //.WithOrigins()
                    .SetIsOriginAllowed(requestOrigin =>
                    {
                        var cc = requestOrigin;
                        return true;
                    })
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()

                    //<2F><><EFBFBD>󷽷<EFBFBD>(POST GET PUT DELETE OPTIONS<4E><53>)
                    .AllowAnyMethod()
                    //.WithMethods()

                    //<2F><><EFBFBD><EFBFBD>ͷ
                    .AllowAnyHeader()
                    //.WithHeaders()

                    //ƾ<><C6BE>
                    //.AllowCredentials()
                    //.DisallowCredentials()

                    //.WithExposedHeaders()
                   ;
                });
            });

            return services;
        }

        private IServiceCollection AddCors_Single(IServiceCollection services)
        {
            services.AddCors(setup =>
             {
                 setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
                 {
                     build

                     //<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Դ
                     .AllowAnyOrigin()
                    //.WithOrigins()
                    //.SetIsOriginAllowed(_ => true)
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()

                    //<2F><><EFBFBD>󷽷<EFBFBD>(POST GET PUT DELETE OPTIONS<4E><53>)
                    //.AllowAnyMethod()
                    //.WithMethods()

                    //<2F><><EFBFBD><EFBFBD>ͷ
                    //.AllowAnyHeader()
                    //.WithHeaders()

                    //ƾ<><C6BE>
                    //.AllowCredentials()
                    //.DisallowCredentials()

                    //.WithExposedHeaders()
                    ;
                 });
             });

            return services;
        }

        private IServiceCollection AddCors_All(IServiceCollection services)
        {
            services.AddCors(setup =>
           {
               setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
               {
                   build
                   .AllowAnyOrigin()
                   .AllowAnyMethod()
                   .AllowAnyHeader()
                   ;
               });
           });

            return services;
        }

        private IServiceCollection AddCors_3(IServiceCollection services)
        {
            services.AddCors(setup =>
             {
                 var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
                 setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
                 {
                     build
                     .WithOrigins(corsOption.Origins.ToArray())
                     .WithMethods(corsOption.Methods.ToArray())
                     .WithHeaders(corsOption.Headers.ToArray())
                     .WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
                 });
             });

            return services;
        }

        private IServiceCollection AddCors_4(IServiceCollection services)
        {
            services.AddCors(setup =>
           {
               setup.AddPolicy(ApplicationConst.DefaultPolicyName, build =>
               {
                   build.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().WithExposedHeaders("x-custom-error");
               });
           });
            return services;
        }

        private IServiceCollection AddCors_5(IServiceCollection services)
        {
            services.AddCors(setup =>
              {
                  var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
                  setup.AddPolicy(ApplicationConst.DefaultPolicyName, builder =>
                  {
                      builder
                      ////.SetIsOriginAllowedToAllowWildcardSubdomains()
                      .WithOrigins("http://localhost:5002")
                      //.AllowAnyMethod()
                      ////.WithMethods(corsOption.Methods.ToArray())
                      //.AllowAnyHeader()
                      ////.WithHeaders(corsOption.Headers.ToArray())
                      ////.WithExposedHeaders(corsOption.ExposedHeaders.ToArray())
                      ;
                  });
              });

            return services;
        }

        private IServiceCollection AddCors_Config(IServiceCollection services)
        {
            services.AddCors(setup =>
              {
                  var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
                  setup.AddPolicy(ApplicationConst.DefaultPolicyName, builder =>
                  {
                      if (corsOption.Origins == null)
                      {
                          builder.SetIsOriginAllowed(_ => true);
                      }
                      else if (corsOption.Origins.Count == 0)
                      {
                          builder.SetIsOriginAllowed(_ => true);
                      }
                      else if (corsOption.Origins.Contains("*"))
                      {
                          builder.SetIsOriginAllowed(_ => true);
                      }
                      else
                      {
                          builder.WithOrigins(corsOption.Origins.ToArray());
                          builder.SetIsOriginAllowedToAllowWildcardSubdomains();
                      }

                      if (corsOption.Methods == null || corsOption.Methods.Count == 0)
                      {
                          builder.AllowAnyMethod();
                      }
                      else if (corsOption.Methods.Contains("*"))
                      { 
                          builder.AllowAnyMethod();
                      }
                      else
                      {
                          builder.WithMethods(corsOption.Methods.ToArray());
                      }

                      if (corsOption.Headers == null || corsOption.Headers.Count == 0)
                      {
                          builder.AllowAnyHeader();
                      }

                      else if (corsOption.Headers.Contains("*"))
                      {
                          builder.AllowAnyHeader();
                      }
                      else
                      {
                          builder.WithMethods(corsOption.Headers.ToArray());
                      }

                      if (corsOption.ExposedHeaders != null && corsOption.ExposedHeaders.Count > 0)
                      {
                          builder.WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
                      }

                      if (corsOption.AllowCredentials)
                      {
                          builder.AllowCredentials();
                      }
                      else
                      {
                          builder.DisallowCredentials();
                      }

                      if (corsOption.PreflightMaxAge.TotalSeconds > 0)
                      {
                          builder.SetPreflightMaxAge(corsOption.PreflightMaxAge);
                      }
                  });
              });

            return services;
        }

        #endregion
    }
}