You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.
@mkArtakMSFT I can make some project up, if you like, but essentially use
app.UseCors(cors => cors.SetIsOriginAllowedToAllowWildcardSubdomains()) anywhere, and then forge a POST with a header Origin: whatever-non-uir-you-like-here.
It boils down to missing this one in the code:
if (!Uri.IsWellFormedUriString(origin, UriKind.Absolute)) return true;
After Login with ADFS, Chrome produces an POST request to my ASP.net Application, with the following Contents:
Metadata
Request Headers
CorsPolicyExtension.IsOriginAnAllowedSubdomain
will now throw the following:Which happens, because origin, is
null
and still gets passed to the check function.Addendum:
Origin is not
null
as I triaged on my first try- it's"null"
- which might or might not be a bug in Chrome ...The text was updated successfully, but these errors were encountered: