Make exception handling policy configurable for CORS

[itrofimow]

In project i am working at custom exception handling OwinMiddleware is used as first in the pipeline, which catches every exception thrown by application and maps it to httpResponse/statusCode based on some logic. We replace IExceptionHanlder with a handler that just rethrows , thus we have a single global exception hanlder(middleware). The problem arised when we tried to add CORS - its System.Web.Http.Cors.CorsMessageHandler.SendAsync swallows exeptions and processes them by its own logic and that just broke plenty of things.

We ended up with basically copy/paste of that Handler with SendAsync not catching everything, then we had to replace CorsMessageHanlder at HttpConfigurations.MessageHanlders after EnsureInitialized has been called and that looks pretty nasty.

So what i am asking for - is it possible to make that exception handling policy configurable?
Or did i miss something and it already is?

[mkArtakMSFT]

Thanks for contacting us, @itrofimow,
@blowdart, @Tratcher any suggestions?

[Tratcher]

Yeah, this try/catch is capturing way too much:

AspNetWebStack/src/System.Web.Http.Cors/CorsMessageHandler.cs

Lines 50 to 64 in b32ab42

	try
	{
	if (corsRequestContext.IsPreflight)
	{
	return await HandleCorsPreflightRequestAsync(request, corsRequestContext, cancellationToken);
	}
	else
	{
	return await HandleCorsRequestAsync(request, corsRequestContext, cancellationToken);
	}
	}
	catch (Exception exception)
	{
	return HandleException(request, exception);
	}

It would be one thing if it were only catching exceptions for its own logic, but it's also catching exceptions from any upstream handlers.

Fixing it would have to be opt-in config to avoid breaking people.

[dougbu]

I'll look at this and see what the approach might look like. We can decide based on that…

[itrofimow]

You guys are the best.

[itrofimow]

Hey guys. Any recent activity on this?
I might submit a PR if someone shares with me the design solution

[mkArtakMSFT]

@dougbu, can you please share your findings here?

[itrofimow]

Hi.
Any recent activity on this?
I mean its been a while, may be i can help somehow?

[dougbu]

@itrofimow we have been focused on other priorities. What's needed here is an extensibility point to more easily override or hook into Cors exception handling. I haven't looked closely but other approaches might also solve the issue.

If you would like to give it a shot, feel free. Please open your PR early so that we can provide feedback on your design while it's a work in progress.

[itrofimow]

Yeah, sure. Thanks

[itrofimow]

@dougbu ping

[itrofimow]

I've submitted a PR for this, could you please take a look at it? There's just a few non-breaking changes

[MaciekFlis]

Hi,

Did anyone have a chance to take a look at this? Maybe the labels for this should be updated since we already have a PR? Would be great to know timeline or at least priority for this

[dougbu]

I plan to look at #185 tomorrow or over the weekend.

[dougbu]

8044f4e

[dougbu]

Many thanks @itrofimow!