Merge pull request #95 from PandaTechAM/development

HaikAsatryan · web-flow · commit f446f9f839f1 · 2026-03-09T11:46:09.000+04:00
Cors header fix
diff --git a/src/SharedKernel/Extensions/CorsExtensions.cs b/src/SharedKernel/Extensions/CorsExtensions.cs
@@ -7,6 +7,8 @@ namespace SharedKernel.Extensions;
 
 public static class CorsExtensions
 {
+   private static readonly string[] ExposedHeaders = ["Content-Disposition"];
+
    public static WebApplicationBuilder AddCors(this WebApplicationBuilder builder)
    {
       if (builder.Environment.IsProduction())
@@ -21,7 +23,8 @@ public static WebApplicationBuilder AddCors(this WebApplicationBuilder builder)
                  .WithOrigins(allowedOrigins)
                  .AllowCredentials()
                  .AllowAnyMethod()
-                 .AllowAnyHeader()));
+                 .AllowAnyHeader()
+                 .WithExposedHeaders(ExposedHeaders)));
       }
       else
       {
@@ -30,7 +33,8 @@ public static WebApplicationBuilder AddCors(this WebApplicationBuilder builder)
                  .SetIsOriginAllowed(_ => true)
                  .AllowCredentials()
                  .AllowAnyMethod()
-                 .AllowAnyHeader()));
+                 .AllowAnyHeader()
+                 .WithExposedHeaders(ExposedHeaders)));
       }
 
       return builder;
@@ -45,28 +49,21 @@ public static WebApplication UseCors(this WebApplication app)
    private static string[] SplitOrigins(this string input)
    {
       if (string.IsNullOrWhiteSpace(input))
-      {
-         throw new ArgumentException("Cors Origins cannot be null or empty.");
-      }
-
-      var result = input.Split([';', ','], StringSplitOptions.RemoveEmptyEntries);
-
-      for (var i = 0; i < result.Length; i++)
-      {
-         result[i] = result[i]
-            .Trim();
-
-         if (ValidationHelper.IsUri(result[i], false))
-         {
-            continue;
-         }
-
-         Console.WriteLine($"Removed invalid cors origin: {result[i]}");
-         result[i] = string.Empty;
-      }
-
-      return result.Where(x => !string.IsNullOrEmpty(x))
-                   .ToArray();
+         throw new ArgumentException("CORS origins cannot be null or empty.", nameof(input));
+
+      return input
+             .Split([';', ','], StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
+             .Where(origin =>
+             {
+                if (ValidationHelper.IsUri(origin, false))
+                {
+                   return true;
+                }
+
+                Console.WriteLine($"Removed invalid CORS origin: {origin}");
+                return false;
+             })
+             .ToArray();
    }
 
    private static string[] EnsureWwwAndNonWwwVersions(this string[] uris)
@@ -75,39 +72,24 @@ private static string[] EnsureWwwAndNonWwwVersions(this string[] uris)
 
       foreach (var uri in uris)
       {
-         if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsedUri))
-         {
-            continue;
-         }
-
-         var uriString = parsedUri.ToString()
-                                  .TrimEnd('/');
-
-         result.Add(uriString);
-
+         if (!Uri.TryCreate(uri, UriKind.Absolute, out var parsed)) continue;
 
-         var hostWithoutWww = parsedUri.Host.StartsWith("www.")
-            ? parsedUri.Host.Substring(4)
-            : parsedUri.Host;
+         var bare = parsed.Host.StartsWith("www.", StringComparison.OrdinalIgnoreCase)
+            ? parsed.Host[4..]
+            : parsed.Host;
 
-         var uriWithoutWww = new UriBuilder(parsedUri)
-            {
-               Host = hostWithoutWww
-            }.Uri
-             .ToString()
-             .TrimEnd('/');
-
-         var uriWithWww = new UriBuilder(parsedUri)
-            {
-               Host = "www." + hostWithoutWww
-            }.Uri
-             .ToString()
-             .TrimEnd('/');
-
-         result.Add(uriWithoutWww);
-         result.Add(uriWithWww);
+         result.Add(BuildOrigin(parsed, bare));
+         result.Add(BuildOrigin(parsed, "www." + bare));
       }
 
-      return new List<string>(result).ToArray();
+      return [..result];
    }
+
+   private static string BuildOrigin(Uri source, string host) =>
+      new UriBuilder(source)
+         {
+            Host = host
+         }.Uri
+          .ToString()
+          .TrimEnd('/');
 }
diff --git a/src/SharedKernel/SharedKernel.csproj b/src/SharedKernel/SharedKernel.csproj
@@ -21,8 +21,8 @@
         <PackageIcon>pandatech.png</PackageIcon>
         <PackageReadmeFile>README.md</PackageReadmeFile>
 
-        <Version>2.2.2</Version>
-        <PackageReleaseNotes>Request and Response logging modernized and has extreme perf boost for logging</PackageReleaseNotes>
+        <Version>2.2.3</Version>
+        <PackageReleaseNotes>Cors now will start to expose Content-Disposition header</PackageReleaseNotes>
 
         <GenerateDocumentationFile>true</GenerateDocumentationFile>
         <IncludeSymbols>true</IncludeSymbols>
@@ -71,7 +71,7 @@
         <PackageReference Include="Pandatech.FluentMinimalApiMapper" Version="4.0.0"/>
         <PackageReference Include="Pandatech.PandaVaultClient" Version="6.0.0"/>
         <PackageReference Include="Pandatech.ResponseCrafter" Version="7.0.0"/>
-        <PackageReference Include="Scalar.AspNetCore" Version="2.12.50"/>
+        <PackageReference Include="Scalar.AspNetCore" Version="2.13.1" />
         <PackageReference Include="Serilog.AspNetCore" Version="10.0.0"/>
         <PackageReference Include="Serilog.Sinks.Async" Version="2.1.0"/>
         <PackageReference Include="Serilog.Sinks.Grafana.Loki" Version="8.3.2"/>
