Update CORS middleware to use endpoint metadata

Author: JamesNK

src/CORS/CORS.sln

@@ -28,21 +28,11 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SampleOrigin", "samples\Sam
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{0CCC5C1B-F548-4A17-96F8-14C700093FA0}"
 	ProjectSection(SolutionItems) = preProject
-		.appveyor.yml = .appveyor.yml
-		.gitattributes = .gitattributes
 		.gitignore = .gitignore
-		.travis.yml = .travis.yml
-		build.cmd = build.cmd
-		build.ps1 = build.ps1
-		build.sh = build.sh
-		CONTRIBUTING.md = CONTRIBUTING.md
 		Directory.Build.props = Directory.Build.props
 		Directory.Build.targets = Directory.Build.targets
-		LICENSE.txt = LICENSE.txt
-		NuGet.config = NuGet.config
 		NuGetPackageVerifier.json = NuGetPackageVerifier.json
 		README.md = README.md
-		version.xml = version.xml
 	EndProjectSection
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FunctionalTests", "test\FunctionalTests\FunctionalTests.csproj", "{99EB6889-C7D8-4BC3-AF99-B966B9E64C81}"

src/CORS/build/dependencies.props

@@ -3,20 +3,21 @@
     <MSBuildAllProjects>$(MSBuildAllProjects);$(MSBuildThisFileFullPath)</MSBuildAllProjects>
   </PropertyGroup>
   <PropertyGroup Label="Package Versions">
-    <InternalAspNetCoreSdkPackageVersion>3.0.0-build-20181116.1</InternalAspNetCoreSdkPackageVersion>
-    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
-    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
-    <MicrosoftAspNetCoreServerIntegrationTestingPackageVersion>0.7.0-alpha1-10742</MicrosoftAspNetCoreServerIntegrationTestingPackageVersion>
-    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreServerKestrelPackageVersion>
-    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreStaticFilesPackageVersion>
-    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-alpha1-10742</MicrosoftAspNetCoreTestHostPackageVersion>
-    <MicrosoftExtensionsConfigurationAbstractionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsConfigurationAbstractionsPackageVersion>
-    <MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
-    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingConsolePackageVersion>
-    <MicrosoftExtensionsLoggingTestingPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsLoggingTestingPackageVersion>
-    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-preview-181113-11</MicrosoftExtensionsOptionsPackageVersion>
-    <MicrosoftNETCoreAppPackageVersion>3.0.0-preview1-26907-05</MicrosoftNETCoreAppPackageVersion>
+    <InternalAspNetCoreSdkPackageVersion>3.0.0-build-20181120.4</InternalAspNetCoreSdkPackageVersion>
+    <MicrosoftAspNetCoreHttpExtensionsPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreHttpExtensionsPackageVersion>
+    <MicrosoftAspNetCoreRoutingPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreRoutingPackageVersion>
+    <MicrosoftAspNetCoreServerIISIntegrationPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreServerIISIntegrationPackageVersion>
+    <MicrosoftAspNetCoreServerIntegrationTestingPackageVersion>0.3.0-preview-18605-0080</MicrosoftAspNetCoreServerIntegrationTestingPackageVersion>
+    <MicrosoftAspNetCoreServerKestrelPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreServerKestrelPackageVersion>
+    <MicrosoftAspNetCoreStaticFilesPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreStaticFilesPackageVersion>
+    <MicrosoftAspNetCoreTestHostPackageVersion>3.0.0-preview-18605-0080</MicrosoftAspNetCoreTestHostPackageVersion>
+    <MicrosoftExtensionsConfigurationAbstractionsPackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsConfigurationAbstractionsPackageVersion>
+    <MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingAbstractionsPackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsLoggingAbstractionsPackageVersion>
+    <MicrosoftExtensionsLoggingConsolePackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsLoggingConsolePackageVersion>
+    <MicrosoftExtensionsLoggingTestingPackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsLoggingTestingPackageVersion>
+    <MicrosoftExtensionsOptionsPackageVersion>3.0.0-preview.18572.1</MicrosoftExtensionsOptionsPackageVersion>
+    <MicrosoftNETCoreAppPackageVersion>3.0.0-preview-27122-01</MicrosoftNETCoreAppPackageVersion>
     <MicrosoftNETTestSdkPackageVersion>15.6.1</MicrosoftNETTestSdkPackageVersion>
     <MoqPackageVersion>4.10.0</MoqPackageVersion>
     <XunitAnalyzersPackageVersion>0.10.0</XunitAnalyzersPackageVersion>

src/CORS/samples/SampleDestination/Program.cs

@@ -1,6 +1,7 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
 using System.IO;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Logging;
@@ -11,12 +12,30 @@ public class Program
     {
         public static void Main(string[] args)
         {
+            Type startupType = null;
+
+            var startup = Environment.GetEnvironmentVariable("CORS_STARTUP");
+            switch (startup)
+            {
+                case "Startup":
+                    startupType = typeof(Startup);
+                    break;
+                case "StartupWithoutEndpointRouting":
+                    startupType = typeof(StartupWithoutEndpointRouting);
+                    break;
+            }
+
+            if (startupType == null)
+            {
+                throw new InvalidOperationException("Could not resolve the startup type. Unexpected CORS_STARTUP environment variable.");
+            }
+
             var host = new WebHostBuilder()
                 .UseKestrel()
                 .UseUrls("http://+:9000")
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .ConfigureLogging(factory => factory.AddConsole())
-                .UseStartup<Startup>()
+                .UseStartup(startupType)
                 .Build();
 
             host.Run();

src/CORS/samples/SampleDestination/SampleDestination.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>netcoreapp3.0</TargetFramework>
@@ -11,6 +11,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="$(MicrosoftAspNetCoreServerKestrelPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="$(MicrosoftExtensionsLoggingConsolePackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Routing" Version="$(MicrosoftAspNetCoreRoutingPackageVersion)" />
   </ItemGroup>
 
 </Project>

src/CORS/samples/SampleDestination/Startup.cs

@@ -1,9 +1,7 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Net;
-using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -16,72 +14,64 @@ namespace SampleDestination
     public class Startup
     {
         private static readonly string DefaultAllowedOrigin = $"http://{Dns.GetHostName()}:9001";
-        private readonly ILogger<Startup> _logger;
+        private readonly ILogger<StartupWithoutEndpointRouting> _logger;
 
         public Startup(ILoggerFactory loggerFactory)
         {
-            _logger = loggerFactory.CreateLogger<Startup>();
+            _logger = loggerFactory.CreateLogger<StartupWithoutEndpointRouting>();
             _logger.LogInformation($"Setting up CORS middleware to allow clients on {DefaultAllowedOrigin}");
         }
 
         public void ConfigureServices(IServiceCollection services)
         {
-            services.AddCors();
-        }
-
-        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
-        {
-            app.Map("/allow-origin", innerBuilder =>
+            services.AddCors(options =>
             {
-                innerBuilder.UseCors(policy => policy
+                options.AddPolicy("AllowOrigin", policy => policy
                     .WithOrigins(DefaultAllowedOrigin)
                     .AllowAnyMethod()
                     .AllowAnyHeader());
 
-                innerBuilder.UseMiddleware<SampleMiddleware>();
-            });
-
-            app.Map("/allow-header-method", innerBuilder =>
-            {
-                innerBuilder.UseCors(policy => policy
+                options.AddPolicy("AllowHeaderMethod", policy => policy
                     .WithOrigins(DefaultAllowedOrigin)
                     .WithHeaders("X-Test", "Content-Type")
                     .WithMethods("PUT"));
 
-                innerBuilder.UseMiddleware<SampleMiddleware>();
-            });
-
-            app.Map("/allow-credentials", innerBuilder =>
-            {
-                innerBuilder.UseCors(policy => policy
+                options.AddPolicy("AllowCredentials", policy => policy
                     .WithOrigins(DefaultAllowedOrigin)
                     .AllowAnyHeader()
                     .WithMethods("GET", "PUT")
                     .AllowCredentials());
 
-                innerBuilder.UseMiddleware<SampleMiddleware>();
-            });
-
-            app.Map("/exposed-header", innerBuilder =>
-            {
-                innerBuilder.UseCors(policy => policy
+                options.AddPolicy("ExposedHeader", policy => policy
                     .WithOrigins(DefaultAllowedOrigin)
                     .WithExposedHeaders("X-AllowedHeader", "Content-Length"));
 
-                innerBuilder.UseMiddleware<SampleMiddleware>();
-            });
-
-            app.Map("/allow-all", innerBuilder =>
-            {
-                innerBuilder.UseCors(policy => policy
+                options.AddPolicy("AllowAll", policy => policy
                     .AllowAnyOrigin()
                     .AllowAnyMethod()
                     .AllowAnyHeader()
                     .AllowCredentials());
+            });
+            services.AddRouting();
+        }
 
-                innerBuilder.UseMiddleware<SampleMiddleware>();
+        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+        {
+            var sampleMiddleware = new SampleMiddleware(context => Task.CompletedTask);
+
+            app.UseEndpointRouting(routing =>
+            {
+                routing.Map("/allow-origin", sampleMiddleware.Invoke).RequireCors("AllowOrigin");
+                routing.Map("/allow-header-method", sampleMiddleware.Invoke).RequireCors("AllowHeaderMethod");
+                routing.Map("/allow-credentials", sampleMiddleware.Invoke).RequireCors("AllowCredentials");
+                routing.Map("/exposed-header", sampleMiddleware.Invoke).RequireCors("ExposedHeader");
+                routing.Map("/allow-all", sampleMiddleware.Invoke).RequireCors("AllowAll");
             });
 
+            app.UseCors();
+
+            app.UseEndpoint();
+
             app.Run(async (context) =>
             {
                 await context.Response.WriteAsync("Hello World!");

src/CORS/samples/SampleDestination/StartupWithoutEndpointRouting.cs

@@ -0,0 +1,88 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Net;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+
+namespace SampleDestination
+{
+    public class StartupWithoutEndpointRouting
+    {
+        private static readonly string DefaultAllowedOrigin = $"http://{Dns.GetHostName()}:9001";
+        private readonly ILogger<StartupWithoutEndpointRouting> _logger;
+
+        public StartupWithoutEndpointRouting(ILoggerFactory loggerFactory)
+        {
+            _logger = loggerFactory.CreateLogger<StartupWithoutEndpointRouting>();
+            _logger.LogInformation($"Setting up CORS middleware to allow clients on {DefaultAllowedOrigin}");
+        }
+
+        public void ConfigureServices(IServiceCollection services)
+        {
+            services.AddCors();
+        }
+
+        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+        {
+            app.Map("/allow-origin", innerBuilder =>
+            {
+                innerBuilder.UseCors(policy => policy
+                    .WithOrigins(DefaultAllowedOrigin)
+                    .AllowAnyMethod()
+                    .AllowAnyHeader());
+
+                innerBuilder.UseMiddleware<SampleMiddleware>();
+            });
+
+            app.Map("/allow-header-method", innerBuilder =>
+            {
+                innerBuilder.UseCors(policy => policy
+                    .WithOrigins(DefaultAllowedOrigin)
+                    .WithHeaders("X-Test", "Content-Type")
+                    .WithMethods("PUT"));
+
+                innerBuilder.UseMiddleware<SampleMiddleware>();
+            });
+
+            app.Map("/allow-credentials", innerBuilder =>
+            {
+                innerBuilder.UseCors(policy => policy
+                    .WithOrigins(DefaultAllowedOrigin)
+                    .AllowAnyHeader()
+                    .WithMethods("GET", "PUT")
+                    .AllowCredentials());
+
+                innerBuilder.UseMiddleware<SampleMiddleware>();
+            });
+
+            app.Map("/exposed-header", innerBuilder =>
+            {
+                innerBuilder.UseCors(policy => policy
+                    .WithOrigins(DefaultAllowedOrigin)
+                    .WithExposedHeaders("X-AllowedHeader", "Content-Length"));
+
+                innerBuilder.UseMiddleware<SampleMiddleware>();
+            });
+
+            app.Map("/allow-all", innerBuilder =>
+            {
+                innerBuilder.UseCors(policy => policy
+                    .AllowAnyOrigin()
+                    .AllowAnyMethod()
+                    .AllowAnyHeader()
+                    .AllowCredentials());
+
+                innerBuilder.UseMiddleware<SampleMiddleware>();
+            });
+
+            app.Run(async (context) =>
+            {
+                await context.Response.WriteAsync("Hello World!");
+            });
+        }
+    }
+}

src/CORS/samples/SampleOrigin/Program.cs

@@ -1,4 +1,4 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.IO;

src/CORS/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsEndpointConventionBuilderExtensions.cs

@@ -0,0 +1,27 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Cors;
+using Microsoft.AspNetCore.Routing;
+using System;
+using System.Linq;
+
+namespace Microsoft.AspNetCore.Builder
+{
+    public static class CorsEndpointConventionBuilderExtensions
+    {
+        public static IEndpointConventionBuilder RequireCors(this IEndpointConventionBuilder builder, string policyName)
+        {
+            if (builder == null)
+            {
+                throw new ArgumentNullException(nameof(builder));
+            }
+
+            builder.Apply(endpointBuilder =>
+            {
+                endpointBuilder.Metadata.Add(new EnableCorsAttribute(policyName));
+            });
+            return builder;
+        }
+    }
+}

src/CORS/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsMiddleware.cs

@@ -5,6 +5,7 @@
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Cors.Internal;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Endpoints;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 
@@ -124,7 +125,7 @@ public Task Invoke(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
 
         private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolicyProvider)
         {
-            var corsPolicy = _policy ?? await corsPolicyProvider.GetPolicyAsync(context, _corsPolicyName);
+            var corsPolicy = _policy ?? await corsPolicyProvider.GetPolicyAsync(context, ResolveCorsPolicyName(context));
             if (corsPolicy == null)
             {
                 Logger?.NoCorsPolicyFound();
@@ -149,6 +150,12 @@ private async Task InvokeCore(HttpContext context, ICorsPolicyProvider corsPolic
             }
         }
 
+        internal string ResolveCorsPolicyName(HttpContext context)
+        {
+            var endpoint = context.GetEndpoint();
+            return endpoint?.Metadata.GetMetadata<IEnableCorsAttribute>()?.PolicyName ?? _corsPolicyName;
+        }
+
         private static Task OnResponseStarting(object state)
         {
             var (middleware, context, result) = (Tuple<CorsMiddleware, HttpContext, CorsResult>)state;

src/CORS/src/Microsoft.AspNetCore.Cors/Microsoft.AspNetCore.Cors.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <Description>CORS middleware and policy for ASP.NET Core to enable cross-origin resource sharing.
@@ -13,6 +13,7 @@ Microsoft.AspNetCore.Cors.EnableCorsAttribute</Description>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Http.Extensions" Version="$(MicrosoftAspNetCoreHttpExtensionsPackageVersion)" />
+    <PackageReference Include="Microsoft.AspNetCore.Routing" Version="$(MicrosoftAspNetCoreRoutingPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="$(MicrosoftExtensionsConfigurationAbstractionsPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="$(MicrosoftExtensionsDependencyInjectionAbstractionsPackageVersion)" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="$(MicrosoftExtensionsLoggingAbstractionsPackageVersion)" />