Cross-Origin Resource Sharing (CORS) support

The Suite Framework provides out-of-the-box support for cross-origin requests. The CORS feature is enabled by default: whenever your application depends on EndpointsModule, the CORS module is plugged in as well.

Warning

The default configuration allows any origin to access the resources served by the framework components. This configuration is useful for development environments, but for production environments you must set up which domains are able to access the resources, for security reasons.

CORS module configuration

The CORS module behaves in one of two ways, depending on the values provided to the AllowedOrigins property of CorsModuleOptions.

  • No values assigned: the module is configured to allow any origin
  • Supplying specific origins: the module applies a more restricted CORS policy by allowing only the origins specified to access the resources.

The configuration can be provided either manually or in any other way supported by .NET's IConfiguration.

Let's see two common approaches to configure the module.

Configuring the module using CorsModuleOptions at Setup stage

By using CorsModuleOptions during the setup stage of our module, we can modify the AllowedOrigins property and add each origin that we want to allow to access our resources.

C#
builder.DependsOn<CorsModule, CorsModuleOptions>(options =>
{
    options.AllowedOrigins.Add("http://suite.itsynch.com");
    options.AllowedOrigins.Add("https://suite.itsynch.com");
});

IConfiguration

The options can also be set through IConfiguration, for example in appsettings.json.

The following example shows the module configuration to provide in the JSON settings file. Only the section of the file that is relevant here is shown:

JSON
{
    "ITsynch.Suite.App.Modules.CorsModuleOptions": {
        "AllowedOrigins": ["http://itsynch.com", "https://itsynch.com"],
        "AllowedExposedHeaders": ["EXPOSED_HEADER_1", "EXPOSED_HEADER_2"]
    }
}

In the previous example we added two origins and two allowed exposed headers. These values can be removed or complemented with new ones later on by the application, by injecting the CorsModuleConfiguration instance wherever you need to work with it.
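
A pre-deployment check for the settings file, added here as an example (it is not part of the Suite Framework): it reports an AllowedOrigins section with no values, which per this page means any origin is allowed, and entries that are not a bare scheme://host[:port] origin. The CorsConfigCheck class and the sample JSON are constructed for illustration; that the module compares each entry against the value of the browser's Origin header is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample input (raw string literal, needs C# 11 / .NET 7 or later).
var sample = """
{
    "ITsynch.Suite.App.Modules.CorsModuleOptions": {
        "AllowedOrigins": ["https://suite.itsynch.com", "https://suite.itsynch.com/", "*"]
    }
}
""";
foreach (var finding in CorsConfigCheck.Check(sample))
    Console.WriteLine(finding);

// Hypothetical helper, not part of the Suite Framework.
static class CorsConfigCheck
{
    // Section and property names as shown in the documentation above.
    const string Section = "ITsynch.Suite.App.Modules.CorsModuleOptions";
    public static List<string> Check(string json)
    {
        var findings = new List<string>();
        // Accept trailing commas and comments, as the .NET JSON configuration provider does.
        var parseOptions = new JsonDocumentOptions { AllowTrailingCommas = true, CommentHandling = JsonCommentHandling.Skip };
        using var doc = JsonDocument.Parse(json, parseOptions);
        if (!doc.RootElement.TryGetProperty(Section, out var section)
            || !section.TryGetProperty("AllowedOrigins", out var origins)
            || origins.ValueKind != JsonValueKind.Array
            || origins.GetArrayLength() == 0)
        {
            findings.Add("AllowedOrigins has no values: the module allows any origin");
            return findings;
        }
        foreach (var item in origins.EnumerateArray())
        {
            var value = item.ValueKind == JsonValueKind.String ? item.GetString()! : item.GetRawText();
            if (value.Contains('*'))
                findings.Add($"'{value}': wildcard, not a specific origin");
            else if (!Uri.TryCreate(value, UriKind.Absolute, out var uri)
                     || (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps))
                findings.Add($"'{value}': not an absolute http(s) origin");
            else if (uri.GetLeftPart(UriPartial.Authority) is var origin
                     && !string.Equals(value, origin, StringComparison.OrdinalIgnoreCase))
                findings.Add($"'{value}': write it as '{origin}', the form browsers send in Origin");
        }
        return findings;
    }
}
```

Running the check in the release pipeline and failing the build on any finding keeps the allow-any-origin default out of production settings.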