From 17dcf7025862f5c011e6e52b08c90144364d4699 Mon Sep 17 00:00:00 2001 From: John Rowley Date: Fri, 6 Nov 2015 15:34:30 -0800 Subject: [PATCH] Updated source code and changed the documentation to reflect changes in api. --- mvc/security/cors-policy.rst | 20 ++++++++++---------- mvc/security/cors-policy/sample/Startup.cs | 7 +++++-- mvc/security/cors-policy/sample/project.json | 13 ++++++++----- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/mvc/security/cors-policy.rst b/mvc/security/cors-policy.rst index 77a3f1db1f22..3d56eb4561b5 100644 --- a/mvc/security/cors-policy.rst +++ b/mvc/security/cors-policy.rst @@ -3,7 +3,7 @@ Specifying a CORS Policy ======================== -By `Mike Wasson`_ +By `Mike Wasson`_ Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the *same-origin policy*, and prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites make cross-origin requests to your web app. @@ -17,25 +17,25 @@ In your project.json file, add the following: .. literalinclude:: cors-policy/sample/project.json :language: json - :lines: 5,9-10 + :lines: 5,11,12 :emphasize-lines: 2 Configure CORS -------------- -To configure CORS, call ``ConfigureCors`` in the ``ConfigureServices`` method of your ``Startup`` class, as shown here: +To configure CORS, call ``AddCors`` in the ``ConfigureServices`` method of your ``Startup`` class, as shown here: .. literalinclude:: cors-policy/sample/Startup.cs :language: csharp - :lines: 10-21,27 + :lines: 13-24,30 :dedent: 8 -This example defines a CORS policy named "AllowSpecificOrigin" that allows cross-origin requests from "http://example.com" and no other origins. The lambda takes a ``CorsPolicyBuilder`` object. To learn more about the various CORS policy settings, see :ref:`aspnet:cors-policy-options`. +This example defines a CORS policy named "AllowSpecificOrigin" that allows cross-origin requests from "http://example.com" and no other origins. The lambda takes a ``CorsPolicyBuilder`` object. To learn more about the various CORS policy settings, see :ref:`aspnet:cors-policy-options`. Apply CORS Policies ------------------- - + The next step is to apply the policies. You can apply a CORS policy per action, per controller, or globally for all controllers in your application. Per action @@ -65,11 +65,11 @@ Add the ``CorsAuthorizationFilterFactory`` filter to the global filter collectio .. literalinclude:: cors-policy/sample/Startup.cs :language: csharp - :lines: 10-12,22-26 + :lines: 13-15,26-30 :dedent: 8 - -The precedence order is: Action, controller, global. Action-level policies take precedence over controller-level policies, and controller-level policies take precedence over global policies. - + +The precedence order is: Action, controller, global. Action-level policies take precedence over controller-level policies, and controller-level policies take precedence over global policies. + Disable CORS ^^^^^^^^^^^^ diff --git a/mvc/security/cors-policy/sample/Startup.cs b/mvc/security/cors-policy/sample/Startup.cs index da1acc5bb22a..d634fdaaa469 100644 --- a/mvc/security/cors-policy/sample/Startup.cs +++ b/mvc/security/cors-policy/sample/Startup.cs @@ -1,6 +1,9 @@ using Microsoft.AspNet.Builder; +using Microsoft.AspNet.Hosting; using Microsoft.AspNet.Mvc; +using Microsoft.AspNet.Mvc.Cors; using Microsoft.Framework.DependencyInjection; +using Microsoft.Framework.Logging; namespace CorsMvc { @@ -10,7 +13,7 @@ public class Startup public void ConfigureServices(IServiceCollection services) { services.AddMvc(); - services.ConfigureCors(options => + services.AddCors(options => { // Define one or more CORS policies options.AddPolicy("AllowSpecificOrigin", @@ -26,7 +29,7 @@ public void ConfigureServices(IServiceCollection services) }); } - public void Configure(IApplicationBuilder app) + public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { app.UseMvc(); } diff --git a/mvc/security/cors-policy/sample/project.json b/mvc/security/cors-policy/sample/project.json index 9e595b1ac5fd..527b9996d267 100644 --- a/mvc/security/cors-policy/sample/project.json +++ b/mvc/security/cors-policy/sample/project.json @@ -3,14 +3,16 @@ "version": "1.0.0-*", "dependencies": { - "Microsoft.AspNet.Server.IIS": "1.0.0-beta4", - "Microsoft.AspNet.Server.WebListener": "1.0.0-beta4", - "Microsoft.AspNet.Mvc": "6.0.0-beta4", - "Microsoft.AspNet.Cors": "1.0.0-beta4" + "Microsoft.AspNet.Server.WebListener": "1.0.0-beta8", + "Microsoft.AspNet.Mvc": "6.0.0-beta8", + "Microsoft.AspNet.Server.Kestrel": "1.0.0-beta8", + "Microsoft.Framework.Logging": "1.0.0-beta8", + "Microsoft.Framework.Logging.Console": "1.0.0-beta8", + "Microsoft.AspNet.Cors": "6.0.0-beta8" }, "commands": { - "web": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.WebListener --server.urls http://localhost:5000" + "web": "Microsoft.AspNet.Server.Kestrel --server.urls http://localhost:5000" }, "frameworks": { @@ -25,6 +27,7 @@ "**.user", "**.vspscc" ], + "exclude": [ "wwwroot", "node_modules",