Use constant values for CorsPolicy.cs and CorsPolicyBuilder.cs (#54247)

hamidrezahy · web-flow · commit 65f0f6720ab3 · 2024-06-07T16:08:13.000-07:00
diff --git a/src/Middleware/CORS/src/Infrastructure/CorsConstants.cs b/src/Middleware/CORS/src/Infrastructure/CorsConstants.cs
@@ -26,6 +26,16 @@ public static class CorsConstants
     /// </summary>
     public static readonly string AnyOrigin = "*";
 
+    /// <summary>
+    /// The value for the Access-Control-Allow-Headers response header to allow all headers.
+    /// </summary>
+    public static readonly string AnyHeader = "*";
+
+    /// <summary>
+    /// The value for the Access-Control-Allow-Methods response header to allow all methods.
+    /// </summary>
+    public static readonly string AnyMethod = "*";
+
     /// <summary>
     /// The Access-Control-Request-Method request header.
     /// </summary>
diff --git a/src/Middleware/CORS/src/Infrastructure/CorsPolicy.cs b/src/Middleware/CORS/src/Infrastructure/CorsPolicy.cs
@@ -30,7 +30,7 @@ public bool AllowAnyHeader
     {
         get
         {
-            if (Headers == null || Headers.Count != 1 || Headers[0] != "*")
+            if (Headers == null || Headers.Count != 1 || Headers[0] != CorsConstants.AnyHeader)
             {
                 return false;
             }
@@ -46,7 +46,7 @@ public bool AllowAnyMethod
     {
         get
         {
-            if (Methods == null || Methods.Count != 1 || Methods[0] != "*")
+            if (Methods == null || Methods.Count != 1 || Methods[0] != CorsConstants.AnyMethod)
             {
                 return false;
             }
@@ -62,7 +62,7 @@ public bool AllowAnyOrigin
     {
         get
         {
-            if (Origins == null || Origins.Count != 1 || Origins[0] != "*")
+            if (Origins == null || Origins.Count != 1 || Origins[0] != CorsConstants.AnyOrigin)
             {
                 return false;
             }
diff --git a/src/Middleware/CORS/src/Infrastructure/CorsPolicyBuilder.cs b/src/Middleware/CORS/src/Infrastructure/CorsPolicyBuilder.cs
@@ -171,7 +171,7 @@ public CorsPolicyBuilder AllowAnyOrigin()
     public CorsPolicyBuilder AllowAnyMethod()
     {
         _policy.Methods.Clear();
-        _policy.Methods.Add("*");
+        _policy.Methods.Add(CorsConstants.AnyMethod);
         return this;
     }
 
@@ -182,7 +182,7 @@ public CorsPolicyBuilder AllowAnyMethod()
     public CorsPolicyBuilder AllowAnyHeader()
     {
         _policy.Headers.Clear();
-        _policy.Headers.Add("*");
+        _policy.Headers.Add(CorsConstants.AnyHeader);
         return this;
     }
 
diff --git a/src/Middleware/CORS/src/PublicAPI.Unshipped.txt b/src/Middleware/CORS/src/PublicAPI.Unshipped.txt
@@ -1 +1,3 @@
 #nullable enable
+static readonly Microsoft.AspNetCore.Cors.Infrastructure.CorsConstants.AnyHeader -> string!
+static readonly Microsoft.AspNetCore.Cors.Infrastructure.CorsConstants.AnyMethod -> string!
diff --git a/src/Middleware/CORS/test/UnitTests/CorsServiceTests.cs b/src/Middleware/CORS/test/UnitTests/CorsServiceTests.cs
@@ -339,7 +339,7 @@ public void EvaluatePolicy_CaseInsensitivePreflightRequest_OriginAllowed_Returns
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -361,7 +361,7 @@ public void EvaluatePolicy_PreflightRequest_IsOriginAllowedReturnsTrue_ReturnsOr
         {
             IsOriginAllowed = origin => true
         };
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -381,7 +381,7 @@ public void EvaluatePolicy_PreflightRequest_SupportsCredentials_AllowCredentials
             SupportsCredentials = true
         };
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -401,7 +401,7 @@ public void EvaluatePolicy_PreflightRequest_NoPreflightMaxAge_NoPreflightMaxAgeS
             PreflightMaxAge = null
         };
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -421,7 +421,7 @@ public void EvaluatePolicy_PreflightRequest_PreflightMaxAge_PreflightMaxAgeSet()
             PreflightMaxAge = TimeSpan.FromSeconds(10)
         };
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -438,7 +438,7 @@ public void EvaluatePolicy_PreflightRequest_AnyMethod_ReturnsRequestMethod()
         var requestContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "GET");
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -478,8 +478,8 @@ public void EvaluatePolicy_PreflightRequest_NoHeadersRequested_AllowedAllHeaders
         var requestContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT");
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Headers.Add(CorsConstants.AnyHeader);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -501,8 +501,8 @@ public void EvaluatePolicy_PreflightRequest_AllowAllHeaders_ReflectsRequestHeade
             accessControlRequestHeaders: new[] { "foo", "bar" });
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Headers.Add(CorsConstants.AnyHeader);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -524,7 +524,7 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_NotAllHeaderMatches
             accessControlRequestHeaders: new[] { "match", "noMatch" });
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
         policy.Headers.Add("match");
         policy.Headers.Add("foo");
 
@@ -544,8 +544,8 @@ public void EvaluatePolicy_PreflightRequest_WithCredentials_ReflectsHeaders()
         var httpContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT");
         var policy = new CorsPolicy();
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Headers.Add(CorsConstants.AnyHeader);
         policy.SupportsCredentials = true;
 
         // Act

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public bool AllowAnyHeader`
`30`	`30`	`{`
`31`	`31`	`get`
`32`	`32`	`{`
`33`		`- if (Headers == null \|\| Headers.Count != 1 \|\| Headers[0] != "*")`
	`33`	`+ if (Headers == null \|\| Headers.Count != 1 \|\| Headers[0] != CorsConstants.AnyHeader)`
`34`	`34`	`{`
`35`	`35`	`return false;`
`36`	`36`	`}`
`@@ -46,7 +46,7 @@ public bool AllowAnyMethod`
`46`	`46`	`{`
`47`	`47`	`get`
`48`	`48`	`{`
`49`		`- if (Methods == null \|\| Methods.Count != 1 \|\| Methods[0] != "*")`
	`49`	`+ if (Methods == null \|\| Methods.Count != 1 \|\| Methods[0] != CorsConstants.AnyMethod)`
`50`	`50`	`{`
`51`	`51`	`return false;`
`52`	`52`	`}`
`@@ -62,7 +62,7 @@ public bool AllowAnyOrigin`
`62`	`62`	`{`
`63`	`63`	`get`
`64`	`64`	`{`
`65`		`- if (Origins == null \|\| Origins.Count != 1 \|\| Origins[0] != "*")`
	`65`	`+ if (Origins == null \|\| Origins.Count != 1 \|\| Origins[0] != CorsConstants.AnyOrigin)`
`66`	`66`	`{`
`67`	`67`	`return false;`
`68`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ public CorsPolicyBuilder AllowAnyOrigin()`
`171`	`171`	`public CorsPolicyBuilder AllowAnyMethod()`
`172`	`172`	`{`
`173`	`173`	`_policy.Methods.Clear();`
`174`		`- _policy.Methods.Add("*");`
	`174`	`+ _policy.Methods.Add(CorsConstants.AnyMethod);`
`175`	`175`	`return this;`
`176`	`176`	`}`
`177`	`177`
`@@ -182,7 +182,7 @@ public CorsPolicyBuilder AllowAnyMethod()`
`182`	`182`	`public CorsPolicyBuilder AllowAnyHeader()`
`183`	`183`	`{`
`184`	`184`	`_policy.Headers.Clear();`
`185`		`- _policy.Headers.Add("*");`
	`185`	`+ _policy.Headers.Add(CorsConstants.AnyHeader);`
`186`	`186`	`return this;`
`187`	`187`	`}`
`188`	`188`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`#nullable enable`
	`2`	`+static readonly Microsoft.AspNetCore.Cors.Infrastructure.CorsConstants.AnyHeader -> string!`
	`3`	`+static readonly Microsoft.AspNetCore.Cors.Infrastructure.CorsConstants.AnyMethod -> string!`