Using AdvantageApiCorsPolicyProvider to Manage CORS Policies
This guide explains how to use the AdvantageApiCorsPolicyProvider to manage Cross-Origin Resource Sharing (CORS) policies in API endpoints by dynamically configuring allowed origins.
Developers can implement this by decorating their API controllers or specific actions with the AdvantageApiCorsPolicy attribute.
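
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web.Cors;
    // Also import the namespace that contains AdvantageApiCorsPolicyProviderBase.

    public class MyCorsPolicyProvider : AdvantageApiCorsPolicyProviderBase
    {
        public override Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            // SupportsCredentials = true lets browsers send cookies and HTTP authentication
            // with cross-origin requests, so Origins must stay an explicit allowlist.
            var policy = new CorsPolicy
            {
                AllowAnyHeader = true,
                AllowAnyMethod = true,
                SupportsCredentials = true
            };

            // Only cross-origin (CORS) requests carry an Origin header.
            if (request.Headers.Contains("Origin"))
            {
                var origins = GetAllowedOrigins();
                if (origins != null)
                {
                    foreach (var origin in origins)
                        policy.Origins.Add(origin);
                }
            }

            return Task.FromResult(policy);
        }

        // Reads the comma-separated AllowedOrigins value from appSettings.
        private IEnumerable<string> GetAllowedOrigins()
        {
            var originsConfig = System.Configuration.ConfigurationManager.AppSettings["AllowedOrigins"];
            if (string.IsNullOrEmpty(originsConfig))
                return null;

            // Trim each entry: an origin stored with a leading space never matches the Origin header.
            return originsConfig.Split(',')
                                .Select(o => o.Trim())
                                .Where(o => o.Length > 0);
        }
    }
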
    [AdvantageApiCorsPolicy(typeof(MyCorsPolicyProvider))]
    public class SecureController : AdvantageApiControllerBase
    {
        public IHttpActionResult GetSecureData()
        {
            return Ok("Access granted to secure data.");
        }
    }

The example CORS policy ensures that only the allowed origins can access the API, based on the values specified in the Web.config. The provider above retrieves the allowed origins from the following appSettings entry and applies them to the CORS policy:

    <appSettings>
      <add key="AllowedOrigins" value="https://example.com, https://anotherdomain.com" />
    </appSettings>

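With this configuration, browsers let only pages served from the specified origins call your API cross-origin and read its responses, which improves security by preventing access from unauthorized origins. CORS is enforced by the browser, so the endpoints still need their own authentication and authorization.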
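
The following is an added example, not part of the original guide or of the Advantage API: a hypothetical AllowedOriginsParser that validates the AllowedOrigins value before its entries are added to policy.Origins, so that stray whitespace, trailing slashes, paths and wildcard entries are caught at configuration time. The class name, method names and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: AllowedOriginsParser is a hypothetical helper, not an Advantage API type.
public static class AllowedOriginsParser
{
    // Splits the raw AllowedOrigins value, returns origins normalized to
    // scheme://host[:port], and reports entries that are not valid origins.
    public static IList<string> Parse(string raw, out IList<string> rejected)
    {
        var accepted = new List<string>();
        rejected = new List<string>();

        foreach (var entry in (raw ?? string.Empty).Split(',').Select(e => e.Trim()))
        {
            if (entry.Length == 0) continue; // tolerate stray commas

            // "*" and "null" do not parse as absolute URIs and are rejected here,
            // which is what a policy with SupportsCredentials = true needs.
            Uri uri;
            bool isOrigin = Uri.TryCreate(entry, UriKind.Absolute, out uri)
                && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
                && uri.AbsolutePath == "/"      // nothing beyond an optional trailing slash
                && uri.Query.Length == 0
                && uri.Fragment.Length == 0
                && uri.UserInfo.Length == 0;

            if (!isOrigin) { rejected.Add(entry); continue; }

            // Browsers send the Origin header in lowercase, without a trailing slash
            // and without the scheme's default port.
            var origin = (uri.Scheme + "://" + uri.Authority).ToLowerInvariant();
            if (!accepted.Contains(origin)) accepted.Add(origin);
        }
        return accepted;
    }

    public static void Main()
    {
        // Constructed sample value, as it might appear in Web.config.
        const string raw = "https://example.com, https://anotherdomain.com/, *, https://example.com/app, HTTPS://EXAMPLE.COM";
        IList<string> rejected;
        var accepted = Parse(raw, out rejected);
        Console.WriteLine("accepted: " + string.Join(" | ", accepted));
        Console.WriteLine("rejected: " + string.Join(" | ", rejected));
    }
}
```

Logging the rejected entries at startup makes a mistyped origin visible before it shows up as a failed browser request.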