search

abpframework / abp

Open-source web application framework for ASP.NET Core! Offers an opinionated architecture to build enterprise software solutions with best practices on top of the .NET. Provides the fundamental infrastructure, cross-cutting-concern implementations, startup templates, application modules, UI themes, tooling and documentation.
https://abp.io
GNU Lesser General Public License v3.0
12.81k stars 3.41k forks source link

Add custom cors origin manually that I added it in HttpApi.Host app in AuthServer app also #16667

Open PioneerOfProgramming opened 1 year ago

PioneerOfProgramming commented 1 year ago

Is there an existing issue for this?

Description

I want to add custom cors origin the matters went well when I was working on one app after I upgraded ABP to 7.2V and separated my project into two apps HttpApi.Host app in AuthServer app, I am stuck in this problem of how to add the cors origin as same as from the host app to auth server app this is my code to add Cors origin in the host app

public async Task AddOriginAsync(string name)
{
    var policy = await corsPolicyProvider.GetPolicyAsync(httpContextAccessor.HttpContext, WhyzrConsts.DefaultCorsPolicyName);
    if (!policy.Origins.Any(o => o == name))
    {
        policy.Origins.Add(name);
    }

}

Reproduction Steps

No response

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.2

User Interface

Angular

Database Provider

EF Core (Default)

Tiered or separate authentication server

Separate Auth Server

Operation System

Windows (Default)

Other information

No response

berkansasmaz commented 1 year ago

Just update the CorsOrigin list in appsettings.json.

https://github.com/abpframework/abp/blob/2e03b0be47cf255e6f21a429f88bc5a3824ec238/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/appsettings.json#L3

PioneerOfProgramming commented 1 year ago

@berkansasmaz No I meant manually by code

berkansasmaz commented 1 year ago

For this, you can see how it is configured in the startup templates.

For instance:

https://github.com/abpframework/abp/blob/3cf24faa08826c14649870235cdd06cfc7fcac9d/templates/app-nolayers/aspnet-core/MyCompanyName.MyProjectName.Blazor.WebAssembly/Server/MyProjectNameHostModule.cs#L229-L249

You can search for the ConfigureCors method in the source code of the startup template you use and configure it similarly.

PioneerOfProgramming commented 1 year ago

@berkansasmaz I need when the server running online to add new domains for new tenants... so i can not predicate how they will add their domains, so i want a way to add those domains to cors orgins everything was okay, but when i use two server...the cors origin add it on app but not add it on auth server as i mention it above

berkansasmaz commented 1 year ago

I understand your problem, first of all sorry for the late reply, I missed it. Also, thank you for your detailed explanation. 🙏

For this, I can suggest you to publish a distributed event or make a direct HTTP request. You can publish an event or send an HTTP request to the auth-server so that it will be triggered every time a new domain is added or CORS is added. Then, you can handle it in the Auth-Server as it is handled in the Host application. Your question is clear, but I have a little thought, why doesn't it work when we add https://*.berkansasmaz.com to CORS? When you say Tenant's domain, does not only the subdomain change, do you have a different solution?

PioneerOfProgramming commented 1 year ago

@berkansasmaz Thanks for your suggestion and i implemented when CORS is added I send an HTTP request to the auth-server. But I face new problem how to know if request authorized when reach to auth-server?

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.