Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UseCors must be called before UseResponseCaching #1106

Closed
lamLeX opened this issue Apr 29, 2021 · 3 comments · Fixed by #1111
Closed

UseCors must be called before UseResponseCaching #1106

lamLeX opened this issue Apr 29, 2021 · 3 comments · Fixed by #1111
Labels
bug Issues describing a bug or pull requests fixing a bug.

Comments

@lamLeX
Copy link

lamLeX commented Apr 29, 2021

Describe the bug

According to https://docs.microsoft.com/en-us/aspnet/core/performance/caching/middleware?view=aspnetcore-5.0
image

Project template

Api 6.2.1
@lamLeX lamLeX added the bug Issues describing a bug or pull requests fixing a bug. label Apr 29, 2021
@lamLeX
Copy link
Author

lamLeX commented Apr 29, 2021

Also, in https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0#set-the-allowed-origins
image

Is there any specific reason why this template relaxes all CORS security feature?

@RehanSaeed RehanSaeed mentioned this issue Apr 29, 2021
Merged
@RehanSaeed
Copy link
Member

Thanks for the bug. Looks like this is a recent change in documentation dotnet/aspnetcore#23218.

Fixed by #1111.

@RehanSaeed
Copy link
Member

Regarding AllowAnyOrigin and AllowCredentials, we don't specify both together in the template. We only enable AllowAnyOrigin because this is a common thing to do. Since this is a template, it's up to the developer to extend as they wish. With that said, we could introduce more secure defaults. What do you suggest?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Issues describing a bug or pull requests fixing a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

UseCors Must Come Before UseResponseCaching Dotnet-Boxed/Templates
2 participants
@RehanSaeed @lamLeX