Things to get around CORS pre-flight request. Allow Jwt token to be passed via "access_token" query stirng param. Allow JSON body content to be parsed as "text/plain" content type.

2025-07-01 08:02:49 -05:00 · 2016-07-13 18:37:14 -04:00
parent 0582eb73db
commit f6ee916d7b
3 changed files with 20 additions and 2 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -22,6 +22,9 @@ using StackExchange.Redis.Extensions.Core;
 using StackExchange.Redis.Extensions.Newtonsoft;
 using Loggr.Extensions.Logging;
 using Newtonsoft.Json;
+using System.Linq;
+using Microsoft.AspNetCore.Mvc.Formatters;
+using Microsoft.Net.Http.Headers;

 namespace Bit.Api
 {
@ -136,7 +139,8 @@ namespace Bit.Api
            // Cors
            services.AddCors(config =>
            {
-                config.AddPolicy("All", policy => policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
+                config.AddPolicy("All", policy =>
+                    policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().SetPreflightMaxAge(TimeSpan.FromDays(1)));
            });

            // MVC
@ -144,6 +148,9 @@ namespace Bit.Api
            {
                config.Filters.Add(new ExceptionHandlerFilterAttribute());
                config.Filters.Add(new ModelStateValidationFilterAttribute());
+                // Allow JSON of content type "text/plain" to avoid cors preflight
+                config.InputFormatters.OfType<JsonInputFormatter>().SingleOrDefault()?
+                    .SupportedMediaTypes.Add(MediaTypeHeaderValue.Parse("text/plain"));
            });
        }