Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CORS on swagger.json endpoint only #2078

Open
cyrildurand opened this issue Apr 6, 2021 · 3 comments
Open

Allow CORS on swagger.json endpoint only #2078

cyrildurand opened this issue Apr 6, 2021 · 3 comments
Labels
help-wanted A change up for grabs for contributions from the community p2 Medium priority

Comments

@cyrildurand
Copy link

I can't find a way to enable CORS on the swagger.json endpoint only whithout applying CORS for whole API.

I read the documentation here : https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#enable-cors-with-attributes and I understand how I can enable cors for the whole API including the swagger.json endpoint but my external application only need to access my swagger.json definition.

It would be a nice feature if we can specify the CORS policy for the swagger.json endpoint :

something like

 app.UseSwagger(c => {
     c.EnableCors("MyCorsPolicy"); 
 });

or maybe

 app.UseSwagger(c => {
     c.AddMetadataEndpoint(new EnableCorsAttribute("MyCorsPolicy")) 
 });

This question has also been posted on stackoverflow here : https://stackoverflow.com/questions/60232282/add-cors-policy-for-swagger-endpoints-only
@wu-yafeng wu-yafeng mentioned this issue Apr 22, 2021
Closed
@wu-yafeng
Copy link
Contributor

I create a pr for this.

before merged, the solution is creating a extensions method.

public static IEndpointConventionBuilder MapSwagger(
            this IEndpointRouteBuilder endpoints,
            string pattern = "/swagger/{documentName}/swagger.json",
            Action<SwaggerEndpointOptions> setupAction = null)
        {
            if (!RoutePatternFactory.Parse(pattern).Parameters.Any(x => x.Name == "documentName"))
            {
                throw new ArgumentException("Pattern must contain '{documentName}' parameter", nameof(pattern));
            }

            Action<SwaggerOptions> endpointSetupAction = options =>
            {
                var endpointOptions = new SwaggerEndpointOptions();

                setupAction?.Invoke(endpointOptions);

                options.RouteTemplate = pattern;
                options.SerializeAsV2 = endpointOptions.SerializeAsV2;
                options.PreSerializeFilters.AddRange(endpointOptions.PreSerializeFilters);
            };

            var pipeline = endpoints.CreateApplicationBuilder()
                .UseSwagger(endpointSetupAction)
                .Build();

            return endpoints.MapGet(pattern, pipeline);
        }

Update your Startup.cs

app.UseEnpoint(endpoint=>{
    endpoint.MapSwagger().RequireCors();
});

@cyrildurand
Copy link
Author

Thanks for your reply and pull request.

I finally took time to test your extension method and everything work.

@domaindrivendev domaindrivendev added this to the vNext milestone Aug 30, 2021
@domaindrivendev domaindrivendev removed this from the vNext milestone Feb 8, 2022
@domaindrivendev domaindrivendev added the p2 Medium priority label Feb 8, 2022
@sanme98
Copy link

sanme98 commented Mar 8, 2023

Hi, can you share your sample code? I can't make it work. Thanks.

@martincostello martincostello added the help-wanted A change up for grabs for contributions from the community label May 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help-wanted A change up for grabs for contributions from the community p2 Medium priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@domaindrivendev @martincostello @cyrildurand @sanme98 @wu-yafeng