Things to get around CORS pre-flight request. Allow Jwt token to be passed via "access_token" query stirng param. Allow JSON body content to be parsed as "text/plain" content type.

2025-07-02 16:42:50 -05:00 · 2016-07-13 18:37:14 -04:00
parent 0582eb73db
commit f6ee916d7b
3 changed files with 20 additions and 2 deletions
--- a/src/Core/Identity/JwtBearerAppBuilderExtensions.cs
+++ b/src/Core/Identity/JwtBearerAppBuilderExtensions.cs
@ -49,7 +49,8 @@ namespace Bit.Core.Identity
            options.Events = new JwtBearerEvents
            {
                OnTokenValidated = JwtBearerEventImplementations.ValidatedTokenAsync,
-                OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync
+                OnAuthenticationFailed = JwtBearerEventImplementations.AuthenticationFailedAsync,
+                OnMessageReceived = JwtBearerEventImplementations.MessageReceivedAsync
            };

            app.UseJwtBearerAuthentication(options);
--- a/src/Core/Identity/JwtBearerEventImplementations.cs
+++ b/src/Core/Identity/JwtBearerEventImplementations.cs
@ -49,5 +49,15 @@ namespace Bit.Core.Identity

            return Task.FromResult(0);
        }
+
+        public static Task MessageReceivedAsync(MessageReceivedContext context)
+        {
+            if(!context.Request.Headers.ContainsKey("Authorization"))
+            {
+                context.Token = context.Request.Query["access_token"];
+            }
+
+            return Task.FromResult(0);
+        }
    }
 }