nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-08 06:28:14 -05:00
Code

set cors policies to only allow web vault origin (#787)

Browse Source 
* set cors policy to only allow web vault

* vault cors policy service
This commit is contained in:
Kyle Spearrin 2020-06-23 18:47:53 -04:00 committed by GitHub
parent 2daca941f3
commit cf70a5e480
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 24 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Api/Startup.cs
View File

@ -169,7 +169,7 @@ namespace Bit.Api
app.UseRouting(); app.UseRouting();
// Add Cors // Add Cors
app.UseCors(policy => policy.SetIsOriginAllowed(h => true) app.UseCors(policy => policy.SetIsOriginAllowed(o => o == globalSettings.BaseServiceUri.Vault)
.AllowAnyMethod().AllowAnyHeader().AllowCredentials()); .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
// Add authentication and authorization to the request pipeline. // Add authentication and authorization to the request pipeline.

13
src/Core/IdentityServer/AllowAllCorsPolicyService.cs
View File

@ -1,13 +0,0 @@
using IdentityServer4.Services;
using System.Threading.Tasks;
namespace Bit.Core.IdentityServer
{
public class AllowAllCorsPolicyService : ICorsPolicyService
{
public Task<bool> IsOriginAllowedAsync(string origin)
{
return Task.FromResult(true);
}
}
}

20
src/Core/IdentityServer/VaultCorsPolicyService.cs Normal file
View File

@ -0,0 +1,20 @@
using IdentityServer4.Services;
using System.Threading.Tasks;
namespace Bit.Core.IdentityServer
{
public class VaultCorsPolicyService : ICorsPolicyService
{
private readonly GlobalSettings _globalSettings;
public VaultCorsPolicyService(GlobalSettings globalSettings)
{
_globalSettings = globalSettings;
}
public Task<bool> IsOriginAllowedAsync(string origin)
{
return Task.FromResult(origin == _globalSettings.BaseServiceUri.Vault);
}
}
}

2
src/Core/Utilities/ServiceCollectionExtensions.cs
View File

@ -382,7 +382,7 @@ namespace Bit.Core.Utilities
} }
services.AddTransient<ClientStore>(); services.AddTransient<ClientStore>();
services.AddTransient<ICorsPolicyService, AllowAllCorsPolicyService>(); services.AddTransient<ICorsPolicyService, VaultCorsPolicyService>();
services.AddScoped<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>(); services.AddScoped<IResourceOwnerPasswordValidator, ResourceOwnerPasswordValidator>();
services.AddScoped<IProfileService, ProfileService>(); services.AddScoped<IProfileService, ProfileService>();
services.AddSingleton<IPersistedGrantStore, PersistedGrantStore>(); services.AddSingleton<IPersistedGrantStore, PersistedGrantStore>();

2
src/Events/Startup.cs
View File

@ -101,7 +101,7 @@ namespace Bit.Events
app.UseRouting(); app.UseRouting();
// Add Cors // Add Cors
app.UseCors(policy => policy.SetIsOriginAllowed(h => true) app.UseCors(policy => policy.SetIsOriginAllowed(o => o == globalSettings.BaseServiceUri.Vault)
.AllowAnyMethod().AllowAnyHeader().AllowCredentials()); .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
// Add authentication and authorization to the request pipeline. // Add authentication and authorization to the request pipeline.

2
src/Notifications/Startup.cs
View File

@ -102,7 +102,7 @@ namespace Bit.Notifications
app.UseRouting(); app.UseRouting();
// Add Cors // Add Cors
app.UseCors(policy => policy.SetIsOriginAllowed(h => true) app.UseCors(policy => policy.SetIsOriginAllowed(o => o == globalSettings.BaseServiceUri.Vault)
.AllowAnyMethod().AllowAnyHeader().AllowCredentials()); .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
// Add authentication to the request pipeline. // Add authentication to the request pipeline.