fix(cors): Fix the cors configuration error

- CORS uses the default policy
8 months ago · 07749017e1
21 changed files with 69 additions and 27 deletions
--- a/aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.Applications.Single/MicroServiceApplicationsSingleModule.Configure.cs
@ -4,7 +4,6 @@ namespace LY.MicroService.Applications.Single;

 public partial class MicroServiceApplicationsSingleModule
 {
-    protected const string DefaultCorsPolicyName = "Default";
    public static string ApplicationName { get; set; } = "MicroService-Applications-Single";
    private readonly static OneTimeRunner OneTimeRunner = new();

@ -895,7 +894,7 @@ public partial class MicroServiceApplicationsSingleModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.Configure.cs
@ -392,7 +392,7 @@ public partial class BackendAdminHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
@ -178,7 +178,7 @@ public partial class BackendAdminHttpApiHostModule : AbpModule
        // 路由
        app.UseRouting();
        // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
--- a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.Configure.cs
@ -55,7 +55,6 @@ namespace LY.MicroService.IdentityServer;
 public partial class IdentityServerHttpApiHostModule
 {
    public static string ApplicationName { get; set; }  = "IdentityService";
-    protected const string DefaultCorsPolicyName = "Default";
    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();

    private void PreConfigureFeature()
@ -414,7 +413,7 @@ public partial class IdentityServerHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
@ -133,7 +133,7 @@ public partial class IdentityServerHttpApiHostModule : AbpModule
        // 路由
        app.UseRouting();
        // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
--- a/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.Configure.cs
@ -381,7 +381,7 @@ public partial class IdentityServerModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer/IdentityServerModule.cs
@ -78,8 +78,6 @@ namespace LY.MicroService.IdentityServer;
    )]
 public partial class IdentityServerModule : AbpModule
 {
-    private const string DefaultCorsPolicyName = "Default";
-
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();
@ -137,7 +135,7 @@ public partial class IdentityServerModule : AbpModule
        app.UseCorrelationId();
        app.MapAbpStaticAssets();
        app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
        app.UseMultiTenancy();
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.Configure.cs
@ -46,7 +46,6 @@ namespace LY.MicroService.LocalizationManagement;
 public partial class LocalizationManagementHttpApiHostModule
 {
    public static string ApplicationName { get; set; } = "LocalizationService";
-    protected const string DefaultCorsPolicyName = "Default";
    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();

    private void PreConfigureFeature()
@ -299,7 +298,7 @@ public partial class LocalizationManagementHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
@ -115,7 +115,7 @@ public partial class LocalizationManagementHttpApiHostModule : AbpModule
        // 路由
        app.UseRouting();
        // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.Configure.cs
@ -57,7 +57,6 @@ namespace LY.MicroService.PlatformManagement;
 public partial class PlatformManagementHttpApiHostModule
 {
    public static string ApplicationName { get; set; } = "PlatformService";
-    protected const string DefaultCorsPolicyName = "Default";
    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();

    private void PreConfigureFeature()
@ -376,7 +375,7 @@ public partial class PlatformManagementHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
@ -177,7 +177,7 @@ public partial class PlatformManagementHttpApiHostModule : AbpModule
        // 路由
        app.UseRouting();
        // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.Configure.cs
@ -370,7 +370,7 @@ public partial class RealtimeMessageHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
@ -128,8 +128,6 @@ namespace LY.MicroService.RealtimeMessage;
    )]
 public partial class RealtimeMessageHttpApiHostModule : AbpModule
 {
-    private const string DefaultCorsPolicyName = "Default";
-
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();
@ -183,7 +181,7 @@ public partial class RealtimeMessageHttpApiHostModule : AbpModule
        // 路由
        app.UseRouting();
        // 跨域
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
--- a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.Configure.cs
@ -48,7 +48,6 @@ namespace LY.MicroService.TaskManagement;

 public partial class TaskManagementHttpApiHostModule
 {
-    protected const string DefaultCorsPolicyName = "Default";
    public static string ApplicationName { get; set; } = "TaskService";
    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();

@ -201,7 +200,7 @@ public partial class TaskManagementHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs
@ -136,7 +136,7 @@ public partial class TaskManagementHttpApiHostModule : AbpModule
        app.MapAbpStaticAssets();
        app.UseCorrelationId();
        app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
        app.UseMultiTenancy();
--- a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.Configure.cs
@ -14,6 +14,7 @@ using Medallion.Threading;
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@ -27,6 +28,7 @@ using Quartz;
 using StackExchange.Redis;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@ -402,6 +404,29 @@ public partial class WebhooksManagementHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    .WithAbpWrapExposedHeaders()
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs
@ -125,6 +125,7 @@ public partial class WebhooksManagementHttpApiHostModule : AbpModule
        ConfigureWebhooks(context.Services);
        ConfigureJsonSerializer(configuration);
        ConfigureMvc(context.Services, configuration);
+        ConfigureCors(context.Services, configuration);
        ConfigureDistributedLock(context.Services, configuration);
        ConfigureBackgroundTasks(context.Services, configuration);
        ConfigureSeedWorker(context.Services, hostingEnvironment.IsDevelopment());
--- a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.Configure.cs
@ -10,6 +10,7 @@ using Medallion.Threading;
 using Medallion.Threading.Redis;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Caching.StackExchangeRedis;
@ -21,6 +22,7 @@ using Microsoft.OpenApi.Models;
 using StackExchange.Redis;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Text.Encodings.Web;
 using System.Text.Unicode;
 using Volo.Abp;
@ -352,6 +354,29 @@ public partial class WechatManagementHttpApiHostModule
        });
    }

+    private void ConfigureCors(IServiceCollection services, IConfiguration configuration)
+    {
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(
+                        configuration["App:CorsOrigins"]
+                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
+                            .Select(o => o.RemovePostFix("/"))
+                            .ToArray()
+                    )
+                    .WithAbpExposedHeaders()
+                    .WithAbpWrapExposedHeaders()
+                    .SetIsOriginAllowedToAllowWildcardSubdomains()
+                    .AllowAnyHeader()
+                    .AllowAnyMethod()
+                    .AllowCredentials();
+            });
+        });
+    }
+
    private void ConfigureSecurity(IServiceCollection services, IConfiguration configuration, bool isDevelopment = false)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
--- a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs
@ -108,6 +108,7 @@ public partial class WechatManagementHttpApiHostModule : AbpModule
        ConfigureSwagger(context.Services);
        ConfigureJsonSerializer(configuration);
        ConfigureMvc(context.Services, configuration);
+        ConfigureCors(context.Services, configuration);
        ConfigureDistributedLock(context.Services, configuration);
        ConfigureSecurity(context.Services, configuration, hostingEnvironment.IsDevelopment());
    }
--- a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.Configure.cs
@ -54,7 +54,6 @@ namespace LY.MicroService.WorkflowManagement;
 public partial class WorkflowManagementHttpApiHostModule
 {
    public static string ApplicationName { get; set; } = "WorkflowService";
-    private const string DefaultCorsPolicyName = "Default";
    private static readonly OneTimeRunner OneTimeRunner = new OneTimeRunner();

    private void PreConfigureFeature()
@ -488,7 +487,7 @@ public partial class WorkflowManagementHttpApiHostModule
    {
        services.AddCors(options =>
        {
-            options.AddPolicy(DefaultCorsPolicyName, builder =>
+            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
--- a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs
@ -145,7 +145,7 @@ public partial class WorkflowManagementHttpApiHostModule : AbpModule
        app.UseCorrelationId();
        app.MapAbpStaticAssets();
        app.UseRouting();
-        app.UseCors(DefaultCorsPolicyName);
+        app.UseCors();
        app.UseElsaFeatures();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();