From d3474389f5f8b5cdb9f23adb6ca86d70c1c58d94 Mon Sep 17 00:00:00 2001
From: Abrynos <6608231+Abrynos@users.noreply.github.com>
Date: Sun, 28 Oct 2018 21:45:10 +0100
Subject: [PATCH] Add CORS (#930)
* Add CORS for users with set IPCPassword
* Use newest preview Version of Microsoft.AspNetCore.Cors and Fix comments
* Fix typo
---
ArchiSteamFarm/ArchiSteamFarm.csproj | 1 +
ArchiSteamFarm/IPC/Startup.cs | 15 +++++++++++++++
2 files changed, 16 insertions(+)
diff --git a/ArchiSteamFarm/ArchiSteamFarm.csproj b/ArchiSteamFarm/ArchiSteamFarm.csproj
index 6ab4553a7..976069ce9 100644
--- a/ArchiSteamFarm/ArchiSteamFarm.csproj
+++ b/ArchiSteamFarm/ArchiSteamFarm.csproj
@@ -42,6 +42,7 @@
+
diff --git a/ArchiSteamFarm/IPC/Startup.cs b/ArchiSteamFarm/IPC/Startup.cs
index 424af687a..8c29813a7 100644
--- a/ArchiSteamFarm/IPC/Startup.cs
+++ b/ArchiSteamFarm/IPC/Startup.cs
@@ -58,6 +58,10 @@ namespace ArchiSteamFarm.IPC {
if (!string.IsNullOrEmpty(Program.GlobalConfig.IPCPassword)) {
// We need ApiAuthenticationMiddleware for IPCPassword
app.UseWhen(context => context.Request.Path.StartsWithSegments("/Api", StringComparison.OrdinalIgnoreCase), appBuilder => appBuilder.UseMiddleware());
+
+ // We want to apply CORS policy in order to allow userscripts and other third-party integrations to communicate with ASF API
+ // We apply CORS policy only with IPCPassword set as extra authentication measure
+ app.UseCors();
}
// We need WebSockets support for /Api/Log
@@ -91,6 +95,17 @@ namespace ArchiSteamFarm.IPC {
// Add support for response compression
services.AddResponseCompression();
+ // Add CORS to allow userscripts and third-party apps
+ services.AddCors(
+ builder => {
+ builder.AddDefaultPolicy(
+ policyBuilder => {
+ policyBuilder.AllowAnyOrigin();
+ }
+ );
+ }
+ );
+
// Add swagger documentation generation
services.AddSwaggerGen(
c => {