DynamicCorsPolicy
CORS Policy with dynamic resolver allowing origins configured at the startup as well as others based on the implementation of the method. This will allow to check CORS Policies from eg. database or cache. Leverages Short-circuit evaluation and checks the method only in case of the origin missing from the one configured at startup. Based on default Asp .NET Core CORS package.
Install / Use
/learn @Mijalski/DynamicCorsPolicyREADME
About
Default ASP.NET Core Cors package does not allow to change CORS origins at runtime, this package allows to add custom implementation of CORS policy checking as a fallback when origin does not match any of the ones specified at startup. It can be used to retrieve origins from cache, database, file or to apply custom logic like allowing all when debug mode is on.
Installation
Use nuget to download the package.
Install-Package Mijalski.DynamicCorsPolicy
Usage
Firstly, create a class implementing interface IDynamicCorsPolicyResolver.
In Startup.ConfigureServices
replace: services.AddCors(); with services.AddDynamicCors<ExampleCorsPolicyResolver>(); and set policy name to: CorsPoliciesEnums.DynamicCorsPolicyName.
Lastly, in Startup.Configure
replace: app.UseCors(); with app.UseDynamicCorsMiddleware();.
Example
DynamicCorsPolicyResolver.cs:
public class DynamicCorsPolicyResolver : IDynamicCorsPolicyResolver
{
private readonly ICorsCache _corsCache;
public DynamicCorsPolicyResolver(ICorsCache corsCache)
{
_corsCache = corsCache;
}
public async Task<bool> ResolveForOrigin(string origin)
{
return await _corsCache.GetAsync(origin) != null;
}
}
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddDynamicCors<DynamicCorsPolicyResolver>(options =>
{
options.AddPolicy(name: CorsPoliciesEnums.DynamicCorsPolicyName, builder =>
{
builder.WithOrigins("http://localhost:4200");
});
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// ...
app.UseDynamicCorsMiddleware();
}
FAQ
Q: Will it be slower than regular CORS policy?
A: For origins specified at startup the speed will be the same, but for the external origins it will need to evaluate the custom logic written by you, as a part of ResolveForOrigin method.
Q: Is it based on ASP.NETCore CORS package?
A: Yes, it uses the same buildier and pipeline, but exposes an additional method to implement custom logic.
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
License
Related Skills
feishu-drive
338.7k|
things-mac
338.7kManage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database)
clawhub
338.7kUse the ClawHub CLI to search, install, update, and publish agent skills from clawhub.com
yu-ai-agent
1.9k编程导航 2025 年 AI 开发实战新项目,基于 Spring Boot 3 + Java 21 + Spring AI 构建 AI 恋爱大师应用和 ReAct 模式自主规划智能体YuManus,覆盖 AI 大模型接入、Spring AI 核心特性、Prompt 工程和优化、RAG 检索增强、向量数据库、Tool Calling 工具调用、MCP 模型上下文协议、AI Agent 开发(Manas Java 实现)、Cursor AI 工具等核心知识。用一套教程将程序员必知必会的 AI 技术一网打尽,帮你成为 AI 时代企业的香饽饽,给你的简历和求职大幅增加竞争力。
