CORS with Access-Control-Allow-Credentials (#877)

* Added a CORSCredentials config option and --corsCredentials command line argument to enable Access-Control-Allow-Credentials.

* Changed name of the CORS credentials parameter from corsCredentials to cors-credentials.

src/Azure.Functions.Cli/Actions/HostActions/StartHostAction.cs

@@ -47,6 +47,8 @@ internal class StartHostAction : BaseAction
 
         public string CorsOrigins { get; set; }
 
+        public bool CorsCredentials { get; set; }
+
         public int Timeout { get; set; }
 
         public bool UseHttps { get; set; }
@@ -81,6 +83,12 @@ public override ICommandLineParserResult ParseArgs(string[] args)
                 .SetDefault(hostSettings.Cors ?? string.Empty)
                 .Callback(c => CorsOrigins = c);
 
+            Parser
+                .Setup<bool>("cors-credentials")
+                .WithDescription($"Allow cross-origin authenticated requests (i.e. cookies and the Authentication header)")
+                .SetDefault(hostSettings.CorsCredentials)
+                .Callback(v => CorsCredentials = v);
+
             Parser
                 .Setup<int>('t', "timeout")
                 .WithDescription($"Timeout for on the functions host to start in seconds. Default: {DefaultTimeout} seconds.")
@@ -150,7 +158,7 @@ private async Task<IWebHost> BuildWebHost(ScriptApplicationHostOptions hostOptio
                     loggingBuilder.AddDefaultWebJobsFilters();
                     loggingBuilder.AddProvider(new ColoredConsoleLoggerProvider((cat, level) => level >= LogLevel.Information));
                 })
-                .ConfigureServices((context, services) => services.AddSingleton<IStartup>(new Startup(context, hostOptions, CorsOrigins)))
+                .ConfigureServices((context, services) => services.AddSingleton<IStartup>(new Startup(context, hostOptions, CorsOrigins, CorsCredentials)))
                 .Build();
         }
 
@@ -393,15 +401,17 @@ public class Startup : IStartup
             private readonly WebHostBuilderContext _builderContext;
             private readonly ScriptApplicationHostOptions _hostOptions;
             private readonly string[] _corsOrigins;
+            private readonly bool _corsCredentials;
 
-            public Startup(WebHostBuilderContext builderContext, ScriptApplicationHostOptions hostOptions, string corsOrigins)
+            public Startup(WebHostBuilderContext builderContext, ScriptApplicationHostOptions hostOptions, string corsOrigins, bool corsCredentials)
             {
                 _builderContext = builderContext;
                 _hostOptions = hostOptions;
 
                 if (!string.IsNullOrEmpty(corsOrigins))
                 {
                     _corsOrigins = corsOrigins.Split(',', StringSplitOptions.RemoveEmptyEntries);
+                    _corsCredentials = corsCredentials;
                 }
             }
 
@@ -444,9 +454,13 @@ public void Configure(IApplicationBuilder app)
                 {
                     app.UseCors(builder =>
                     {
-                        builder.WithOrigins(_corsOrigins)
+                        var origins = builder.WithOrigins(_corsOrigins)
                             .AllowAnyHeader()
                             .AllowAnyMethod();
+                        if (_corsCredentials)
+                        {
+                            origins.AllowCredentials();
+                        }
                     });
                 }
 

src/Azure.Functions.Cli/Common/HostStartSettings.cs

@@ -9,5 +9,8 @@ public class HostStartSettings
 
         [JsonProperty("CORS", DefaultValueHandling = DefaultValueHandling.Ignore)]
         public string Cors { get; set; }
+
+        [JsonProperty("CORSCredentials", DefaultValueHandling = DefaultValueHandling.Ignore)]
+        public bool CorsCredentials { get; set; }
     }
 }