astro/src/content/docs/identityserver/tokens/cors.md
0 additions & 26 deletions
@@ -72,32 +72,6 @@ Use `AllowAll` with caution.
72
72
73
73
## Mixing IdentityServer's CORS Policy With ASP.NET Core's CORS Policies
74
74
75
-
IdentityServer uses the CORS middleware from ASP.NET Core to provide its CORS implementation.
76
-
It is possible that your application that hosts IdentityServer might also require CORS for its own custom endpoints.
77
-
In general, both should work together in the same application, providing the call to `app.UseCors("mypolicy");` is
78
-
called after the call to `app.UseIdentityServer();`.
79
-
80
-
Your code should use the documented CORS features from ASP.NET Core without regard to IdentityServer.
81
-
This means you should define policies and register the middleware as normal.
82
-
If your application defines policies in `ConfigureServices`, then those should continue to work in the same places you
83
-
are using them (either where you configure the CORS middleware or where you use the MVC `EnableCors` attributes in your
84
-
controller code).
85
-
If instead you define an inline policy in the use of the CORS middleware (via the policy builder callback), then that
86
-
too should continue to work normally.
87
-
88
-
The one scenario where there might be a conflict between your use of the ASP.NET Core CORS services and IdentityServer
89
-
is if you decide to create a custom `ICorsPolicyProvider`.
90
-
Given the design of the ASP.NET Core's CORS services and middleware, IdentityServer implements its own custom
91
-
`ICorsPolicyProvider` and registers it in the ASP.NET Core service provider.
92
-
Fortunately, the IdentityServer implementation is designed to use the decorator pattern to wrap any existing
93
-
`ICorsPolicyProvider` that is already registered in the service provider.
94
-
What this means is that you can also implement the `ICorsPolicyProvider`, but it needs to be registered prior to
95
-
IdentityServer in the service provider (e.g. in `ConfigureServices`).
96
-
97
-
:::note
98
-
IdentityServer requires a `ICorsPolicyService` implementation to control CORS for the endpoints it hosts, like the [OIDC Token](/identitymodel/endpoints/token.md) and [OIDC UserInfo](/identitymodel/endpoints/userinfo.md) endpoints. If you prefer to use ASP.NET Core's CORS Policy programming model, you will also need to add a `ICorsPolicyService` implementation for any CORS settings on the IdentityServer endpoints.
99
-
## Mixing IdentityServer's CORS Policy With ASP.NET Core's CORS Policies
100
-
101
75
Duende IdentityServer builds upon the standard ASP.NET Core CORS middleware. If your application needs to support CORS for both IdentityServer endpoints and your own custom API endpoints, they can coexist by following these integration rules.
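Review bot: The retained paragraph at new line 75 promises "these integration rules", but this hunk deletes the only visible statements of them: that `app.UseCors("mypolicy");` is called after `app.UseIdentityServer();`, that a custom `ICorsPolicyProvider` is registered prior to IdentityServer, and that the endpoints IdentityServer hosts still need an `ICorsPolicyService` implementation. Please confirm all three are still stated in the text that follows line 75, and restore any that are not. Also, the deleted `:::note` opener at old line 97 has no closing `:::` among the removed lines, so check that no orphaned `:::` is left further down the file after this change.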