mirror of
https://github.com/bitwarden/server.git
synced 2025-01-10 20:07:56 +01:00
Things to get around CORS pre-flight request. Allow Jwt token to be passed via "access_token" query stirng param. Allow JSON body content to be parsed as "text/plain" content type.
This commit is contained in:
Kyle Spearrin
parent
0582eb73db
commit
f6ee916d7b
@ -22,6 +22,9 @@ using StackExchange.Redis.Extensions.Core;
|
|||||||
using StackExchange.Redis.Extensions.Newtonsoft;
|
using StackExchange.Redis.Extensions.Newtonsoft;
|
||||||
using Loggr.Extensions.Logging;
|
using Loggr.Extensions.Logging;
|
||||||
using Newtonsoft.Json;
|
using Newtonsoft.Json;
|
||||||
|
using System.Linq;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Formatters;
|
||||||
|
using Microsoft.Net.Http.Headers;
|
||||||
|
|
||||||
namespace Bit.Api
|
namespace Bit.Api
|
||||||
{
|
{
|
||||||
@ -136,7 +139,8 @@ namespace Bit.Api
|
|||||||
// Cors
|
// Cors
|
||||||
services.AddCors(config =>
|
services.AddCors(config =>
|
||||||
{
|
{
|
||||||
config.AddPolicy("All", policy => policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
|
config.AddPolicy("All", policy =>
|
||||||
|
policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().SetPreflightMaxAge(TimeSpan.FromDays(1)));
|
||||||
});
|
});
|
||||||
|
|
||||||
// MVC
|
// MVC
|
||||||
@ -144,6 +148,9 @@ namespace Bit.Api
|
|||||||
{
|
{
|
||||||
config.Filters.Add(new ExceptionHandlerFilterAttribute());
|
config.Filters.Add(new ExceptionHandlerFilterAttribute());
|
||||||
config.Filters.Add(new ModelStateValidationFilterAttribute());
|
config.Filters.Add(new ModelStateValidationFilterAttribute());
|
||||||
|
// Allow JSON of content type "text/plain" to avoid cors preflight
|
||||||
|
config.InputFormatters.OfType<JsonInputFormatter>().SingleOrDefault()?
|
||||||
|
.SupportedMediaTypes.Add(MediaTypeHeaderValue.Parse("text/plain"));
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -49,7 +49,8 @@ namespace Bit.Core.Identity
|
|||||||
options.Events = new JwtBearerEvents
|
options.Events = new JwtBearerEvents
|
||||||
{
|
{
|
||||||
OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
|
OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
|
||||||
OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
|
OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync,
|
||||||
|
OnMessageReceived = JwtBearerEventImplementations.MessageReceivedAsync
|
||||||
};
|
};
|
||||||
|
|
||||||
app.UseJwtBearerAuthentication(options);
|
app.UseJwtBearerAuthentication(options);
|
||||||
|
|||||||
@ -49,5 +49,15 @@ namespace Bit.Core.Identity
|
|||||||
|
|
||||||
return Task.FromResult(0);
|
return Task.FromResult(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static Task MessageReceivedAsync(MessageReceivedContext context)
|
||||||
|
{
|
||||||
|
if(!context.Request.Headers.ContainsKey("Authorization"))
|
||||||
|
{
|
||||||
|
context.Token = context.Request.Query["access_token"];
|
||||||
|
}
|
||||||
|
|
||||||
|
return Task.FromResult(0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user