Inject CORS middleware at specialization in Linux consumption. Resolves #4889

Author: kashimiz

src/WebJobs.Script.WebHost/Configuration/CorsOptionsSetup.cs

@@ -0,0 +1,41 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Configuration
+{
+    public class CorsOptionsSetup : IConfigureOptions<CorsOptions>
+    {
+        private readonly IEnvironment _env;
+        private readonly IOptions<HostCorsOptions> _hostCorsOptions;
+
+        public CorsOptionsSetup(IEnvironment env, IOptions<HostCorsOptions> hostCorsOptions)
+        {
+            _env = env;
+            _hostCorsOptions = hostCorsOptions;
+        }
+
+        public void Configure(CorsOptions options)
+        {
+            if (_env.IsLinuxConsumption() && _hostCorsOptions.Value != null)
+            {
+                string[] allowedOrigins = _hostCorsOptions.Value.AllowedOrigins?.ToArray() ?? Array.Empty<string>();
+                var policyBuilder = new CorsPolicyBuilder(allowedOrigins);
+
+                if (_hostCorsOptions.Value.SupportCredentials)
+                {
+                    policyBuilder = policyBuilder.AllowCredentials();
+                }
+
+                var policy = policyBuilder.Build();
+                options.AddDefaultPolicy(policy);
+            }
+        }
+    }
+}

src/WebJobs.Script.WebHost/Configuration/HostCorsOptions.cs

@@ -0,0 +1,14 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Configuration
+{
+    public class HostCorsOptions
+    {
+        public IEnumerable<string> AllowedOrigins { get; set; }
+
+        public bool SupportCredentials { get; set; }
+    }
+}

src/WebJobs.Script.WebHost/Configuration/HostCorsOptionsSetup.cs

@@ -0,0 +1,36 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Options;
+using Newtonsoft.Json;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Configuration
+{
+    public class HostCorsOptionsSetup : IConfigureOptions<HostCorsOptions>
+    {
+        private readonly IConfiguration _configuration;
+
+        public HostCorsOptionsSetup(IConfiguration configuration)
+        {
+            _configuration = configuration;
+        }
+
+        public void Configure(HostCorsOptions options)
+        {
+            var allowedOriginsString = _configuration.GetValue<string>(EnvironmentSettingNames.CorsAllowedOrigins);
+
+            IEnumerable<string> corsAllowedOrigins = Array.Empty<string>();
+            if (!string.IsNullOrWhiteSpace(allowedOriginsString))
+            {
+                corsAllowedOrigins = JsonConvert.DeserializeObject<IEnumerable<string>>(allowedOriginsString);
+            }
+            options.AllowedOrigins = corsAllowedOrigins;
+
+            var supportCredentialsString = _configuration.GetValue<bool?>(EnvironmentSettingNames.CorsSupportCredentials);
+            options.SupportCredentials = supportCredentialsString ?? false;
+        }
+    }
+}

src/WebJobs.Script.WebHost/Middleware/CorsConfigurationMiddleware.cs

@@ -0,0 +1,46 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Script.Middleware;
+using Microsoft.Azure.WebJobs.Script.WebHost.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Middleware
+{
+    public class CorsConfigurationMiddleware : IJobHostHttpMiddleware
+    {
+        private RequestDelegate _invoke;
+
+        public CorsConfigurationMiddleware(IOptions<HostCorsOptions> hostCorsOptions, ICorsMiddlewareFactory middlewareFactory)
+        {
+            RequestDelegate contextNext = async context =>
+            {
+                if (context.Items.Remove(ScriptConstants.CorsMiddlewareRequestDelegate, out object requestDelegate) && requestDelegate is RequestDelegate next)
+                {
+                    await next(context);
+                }
+            };
+
+            var corsMiddleware = middlewareFactory.CreateCorsMiddleware(contextNext, hostCorsOptions);
+            if (corsMiddleware != null)
+            {
+                _invoke = corsMiddleware.Invoke;
+            }
+            else
+            {
+                _invoke = contextNext;
+            }
+        }
+
+        public async Task Invoke(HttpContext context, RequestDelegate next)
+        {
+            context.Items.Add(ScriptConstants.CorsMiddlewareRequestDelegate, next);
+            await _invoke(context);
+        }
+    }
+}

src/WebJobs.Script.WebHost/Middleware/CorsMiddlewareFactory.cs

@@ -0,0 +1,35 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Linq;
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Script.WebHost.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Middleware
+{
+    public class CorsMiddlewareFactory : ICorsMiddlewareFactory
+    {
+        private readonly IOptions<CorsOptions> _corsOptions;
+
+        public CorsMiddlewareFactory(IOptions<CorsOptions> corsOptions)
+        {
+            _corsOptions = corsOptions;
+        }
+
+        public CorsMiddleware CreateCorsMiddleware(RequestDelegate next, IOptions<HostCorsOptions> corsOptions)
+        {
+            CorsMiddleware middleware = null;
+            if (corsOptions?.Value != null)
+            {
+                var corsService = new CorsService(_corsOptions);
+                var policy = _corsOptions.Value.GetPolicy(_corsOptions.Value.DefaultPolicyName);
+                middleware = new CorsMiddleware(next, corsService, policy);
+            }
+
+            return middleware;
+        }
+    }
+}

src/WebJobs.Script.WebHost/Middleware/ICorsMiddlewareFactory.cs

@@ -0,0 +1,15 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Azure.WebJobs.Script.WebHost.Configuration;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.Azure.WebJobs.Script.WebHost.Middleware
+{
+    public interface ICorsMiddlewareFactory
+    {
+        CorsMiddleware CreateCorsMiddleware(RequestDelegate next, IOptions<HostCorsOptions> corsOptions);
+    }
+}

src/WebJobs.Script.WebHost/Models/HostAssignmentContext.cs

@@ -110,6 +110,17 @@ public void ApplyAppSettings(IEnvironment environment)
             {
                 environment.SetEnvironmentVariable(pair.Key, pair.Value);
             }
+
+            if (CorsSettings != null)
+            {
+                environment.SetEnvironmentVariable(EnvironmentSettingNames.CorsSupportCredentials, CorsSettings.SupportCredentials.ToString());
+
+                if (CorsSettings.AllowedOrigins != null)
+                {
+                    var allowedOrigins = JsonConvert.SerializeObject(CorsSettings.AllowedOrigins);
+                    environment.SetEnvironmentVariable(EnvironmentSettingNames.CorsAllowedOrigins, allowedOrigins);
+                }
+            }
         }
     }
 }

src/WebJobs.Script.WebHost/WebScriptHostBuilderExtension.cs

@@ -38,6 +38,8 @@ public static IHostBuilder AddWebScriptHost(this IHostBuilder builder, IServiceP
                     services.ConfigureOptions<HttpOptionsSetup>();
                     services.ConfigureOptions<CustomHttpHeadersOptionsSetup>();
                     services.ConfigureOptions<HostHstsOptionsSetup>();
+                    services.ConfigureOptions<HostCorsOptionsSetup>();
+                    services.ConfigureOptions<CorsOptionsSetup>();
                 })
                 .AddScriptHost(webHostOptions, configLoggerFactory, metricsLogger, webJobsBuilder =>
                 {
@@ -84,6 +86,12 @@ public static IHostBuilder AddWebScriptHost(this IHostBuilder builder, IServiceP
                     services.TryAddSingleton<IJobHostMiddlewarePipeline, DefaultMiddlewarePipeline>();
                     services.TryAddEnumerable(ServiceDescriptor.Singleton<IJobHostHttpMiddleware, CustomHttpHeadersMiddleware>());
                     services.TryAddEnumerable(ServiceDescriptor.Singleton<IJobHostHttpMiddleware, HstsConfigurationMiddleware>());
+                    if (environment.IsLinuxConsumption())
+                    {
+                        services.AddCors();
+                        services.AddSingleton<ICorsMiddlewareFactory, CorsMiddlewareFactory>();
+                        services.TryAddEnumerable(ServiceDescriptor.Singleton<IJobHostHttpMiddleware, CorsConfigurationMiddleware>());
+                    }
                     services.TryAddSingleton<IScaleMetricsRepository, TableStorageScaleMetricsRepository>();
 
                     // Make sure the registered IHostIdProvider is used

src/WebJobs.Script/Environment/EnvironmentSettingNames.cs

@@ -82,5 +82,9 @@ public static class EnvironmentSettingNames
         public const string FunctionsSecretsPath = "FUNCTIONS_SECRETS_PATH";
         public const string FunctionsTestDataPath = "FUNCTIONS_TEST_DATA_PATH";
         public const string MeshInitURI = "MESH_INIT_URI";
+
+        // CORS settings
+        public const string CorsAllowedOrigins = "CORS_ALLOWED_ORIGINS";
+        public const string CorsSupportCredentials = "CORS_SUPPORT_CREDENTIALS";
     }
 }

src/WebJobs.Script/ScriptConstants.cs

@@ -21,6 +21,7 @@ public static class ScriptConstants
         public const string AzureFunctionsDuplicateHttpHeadersKey = "MS_AzureFunctionsDuplicateHttpHeaders";
         public const string JobHostMiddlewarePipelineRequestDelegate = "MS_JobHostMiddlewarePipelineRequestDelegate";
         public const string HstsMiddlewareRequestDelegate = "MS_HstsMiddlewareRequestDelegate";
+        public const string CorsMiddlewareRequestDelegate = "MS_CorsMiddlewareRequestDelegate";
 
         public const string LegacyPlaceholderTemplateSiteName = "FunctionsPlaceholderTemplateSite";