Asp.Net Core项目跨域策略配置通配符替换二级域名的操作

原理:在AddMVC()里会默认注入跨域的策略处理类,只需在AddMVC()之后,在AddCors()之前,
    注入自己的跨域策略处理类,用来替换原来的处理即可。
 

学习网站:https://www.cnblogs.com/liuqiyun/p/8676776.html

自己的跨域策略处理类:

using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace aspCore.Extensions
{
    //自己的扩展
    /// <summary>
    /// 自定义跨域处理服务,增加通配符二级域名策略  ICorsService
    /// 想要覆盖之前的ICorsService,需要在AddMvc()之后,替换,例如下:
    /// services.Add(ServiceDescriptor.Transient<ICorsService, WildcardCorsService>());
    /// services.Configure<CorsOptions>(options => options.AddPolicy(
    /// "AllowSameDomain",
    /// builder => builder.WithOrigins("*.test.com")));
    /// </summary>
    public class WildcardCorsService : CorsService
    {
        public WildcardCorsService(IOptions<CorsOptions> options)
            : base(options)
        {
        }

        #region 在默认处理域名策略之前,提前拦截,用自己的策略
        public override void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
        {
            var origin = context.Request.Headers[CorsConstants.Origin];
            //拦截
            //Orings为策略(*.test.com)(该策略可多个)    origin为跨域请求的域名
            EvaluateOriginForWildcard(policy.Origins, origin);
            //策略根据通配符替换完成
            base.EvaluateRequest(context, policy, result);
        }

        public override void EvaluatePreflightRequest(HttpContext context, CorsPolicy policy, CorsResult result)
        {
            var origin = context.Request.Headers[CorsConstants.Origin];
            //拦截
            EvaluateOriginForWildcard(policy.Origins, origin);
            //策略根据通配符替换完成
            base.EvaluatePreflightRequest(context, policy, result);
        }
        #endregion
        private void EvaluateOriginForWildcard(IList<string> origins, string origin)
        {
            //只在没有匹配的origin的情况下进行操作
            if (!origins.Contains(origin))
            {
                //查询所有以星号开头的origin (如果有多个通配符域名策略,每个都设置)
                var wildcardDomains = origins.Where(o => o.StartsWith("*"));
                if (wildcardDomains.Any())
                {
                    //遍历以星号开头的origin 
                    foreach (var wildcardDomain in wildcardDomains)
                    {
                        //如果以.test.com结尾
                        if (origin.EndsWith(wildcardDomain.Substring(1))
                            //或者以//test.com结尾,针对http://test.com
                            || origin.EndsWith("//" + wildcardDomain.Substring(2)))
                        {
                            //将http://www.cnblogs.com添加至origins
                            origins.Add(origin);
                            break;
                        }
                    }
                }
            }
        }
    }
}

 

使用:

 public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
            services.Add(ServiceDescriptor.Transient<ICorsService, WildcardCorsService>());
            string[] origins = new string[] {
                        "http://layout.test.com"
                    };
            services.AddCors(options =>
            {
                options.AddPolicy("AllowAllOrigin", builder =>
                {
                    builder
                        .WithOrigins("*.test.com")
                        .AllowAnyHeader()
                        .AllowAnyMethod()
                        .AllowCredentials();
                        //.AllowAnyOrigin()
                        
                });
            });

        }

 

 

展开阅读全文

没有更多推荐了,返回首页