{"id":580,"date":"2017-01-09T16:41:16","date_gmt":"2017-01-09T15:41:16","guid":{"rendered":"https:\/\/solidt.eu\/site\/?p=580"},"modified":"2018-02-06T12:09:05","modified_gmt":"2018-02-06T11:09:05","slug":"c-web-api-rest-api-cors","status":"publish","type":"post","link":"https:\/\/solidt.eu\/site\/c-web-api-rest-api-cors\/","title":{"rendered":"C# WEB API \/ REST API CORS"},"content":{"rendered":"<pre class=\"lang:default decode:true \">using System;\r\nusing System.Web.Http;\r\nusing Microsoft.Owin;\r\nusing Microsoft.Owin.Security.OAuth;\r\nusing Owin;\r\n\r\nnamespace WebApi.Helpers\r\n{\r\n    public class Startup\r\n    {\r\n        private class CorsHeaderFilter : System.Web.Http.Filters.ActionFilterAttribute\r\n        {\r\n            public override void OnActionExecuted(System.Web.Http.Filters.HttpActionExecutedContext actionExecutedContext)\r\n            {\r\n                actionExecutedContext.Response.Headers.Add(\"Access-Control-Allow-Origin\", \"*\");\r\n            }\r\n        }\r\n\r\n        public void Configuration(IAppBuilder app)\r\n        {           \r\n            ConfigureCors(app); \/\/ CORS support that just works (must be registered before ConfigureOAuth!); note that SetCorsHeaders echoes back any request Origin and allows credentials, so restrict it to known origins outside of development\r\n            ConfigureOAuth(app);\r\n\r\n            var config = new HttpConfiguration();\r\n            config.Filters.Add(new CorsHeaderFilter());\r\n            WebApiConfig.Register(config);\r\n            app.UseWebApi(config);\r\n        }        \r\n        private static void SetCorsHeaders(IOwinContext context)\r\n        {\r\n            try\r\n            {\r\n                context.Response.Headers[\"Access-Control-Allow-Origin\"] = context.Request.Headers.Get(\"Origin\") ?? 
\"*\";\r\n                context.Response.Headers[\"Access-Control-Allow-Headers\"] = context.Request.Headers.Get(\"Access-Control-Request-Headers\");\r\n                context.Response.Headers[\"Access-Control-Allow-Methods\"] = \"GET, POST, PUT, DELETE, OPTIONS\";\r\n                context.Response.Headers[\"Access-Control-Expose-Headers\"] = \"Date, Content-Type, Content-Disposition, X-Total-Count, X-Employer-Code\";\r\n                context.Response.Headers[\"Access-Control-Allow-Credentials\"] = \"true\";\r\n            }\r\n            catch (Exception)\r\n            {\r\n                \/\/ ignore\r\n            }\r\n        }\r\n\r\n        private void ConfigureCors(IAppBuilder app)\r\n        {\r\n            app.MapWhen(ctx =&gt; ctx.Request.Method.Equals(\"OPTIONS\", System.StringComparison.OrdinalIgnoreCase), appBuilder =&gt;\r\n            {\r\n                appBuilder.Run(context =&gt;\r\n                {\r\n                    SetCorsHeaders(context);\r\n                    return context.Response.WriteAsync(\"\");\r\n                });\r\n            });\r\n\r\n            app.Use(async (context, next) =&gt;\r\n            {\r\n                SetCorsHeaders(context);\r\n                await next();\r\n                SetCorsHeaders(context);\r\n            });\r\n        }\r\n\r\n        private void ConfigureOAuth(IAppBuilder app)\r\n        {\r\n            var serverOptions = new OAuthAuthorizationServerOptions\r\n            {\r\n                AllowInsecureHttp = true,\r\n                TokenEndpointPath = new PathString(\"\/token\"),\r\n                AccessTokenExpireTimeSpan = TimeSpan.FromHours(2),\r\n                Provider = new UserAuthorizationServerProvider(),\r\n                RefreshTokenProvider = new RefreshTokenProvider()\r\n            };\r\n\r\n            app.UseOAuthAuthorizationServer(serverOptions);\r\n            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());\r\n        }\r\n    
}\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>using System; using System.Web.Http; using Microsoft.Owin; using Microsoft.Owin.Security.OAuth; using Owin; namespace WebApi.Helpers { public class Startup { private class CorsHeaderFilter : System.Web.Http.Filters.ActionFilterAttribute { public override void OnActionExecuted(System.Web.Http.Filters.HttpActionExecutedContext actionExecutedContext) { actionExecutedContext.Response.Headers.Add(&#8220;Access-Control-Allow-Origin&#8221;, &#8220;*&#8221;); } } public void Configuration(IAppBuilder app) { ConfigureCors(app); \/\/ Cors support that just works (before ConfigureOAuth!) ConfigureOAuth(app); var config = new HttpConfiguration(); config.Filters.Add(new CorsHeaderFilter()); [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6],"tags":[],"class_list":["post-580","post","type-post","status-publish","format-standard","hentry","category-dotnet"],"_links":{"self":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts\/580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/comments?post=580"}],"version-history":[{"count":7,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts\/580\/revisions"}],"predecessor-version":[{"id":1009,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/posts\/580\/revisions\/1009"}],"wp:attachment":[{"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/media?parent=580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/categories?
post=580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solidt.eu\/site\/wp-json\/wp\/v2\/tags?post=580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}