feat: add AnyHeaders and AnyMethods cors constants

src/Middleware/CORS/src/Infrastructure/CorsConstants.cs

@@ -26,6 +26,16 @@ public static class CorsConstants
     /// </summary>
     public static readonly string AnyOrigin = "*";
 
+    /// <summary>
+    /// The value for the Access-Control-Allow-Methods response header to allow all headers.
+    /// </summary>
+    public static readonly string AnyHeader = "*";
+
+    /// <summary>
+    /// The value for the Access-Control-Allow-Methods response header to allow all methods.
+    /// </summary>
+    public static readonly string AnyMethod = "*";
+
     /// <summary>
     /// The Access-Control-Request-Method request header.
     /// </summary>

src/Middleware/CORS/src/Infrastructure/CorsPolicyBuilder.cs

@@ -171,7 +171,7 @@ public CorsPolicyBuilder AllowAnyOrigin()
     public CorsPolicyBuilder AllowAnyMethod()
     {
         _policy.Methods.Clear();
-        _policy.Methods.Add("*");
+        _policy.Methods.Add(CorsConstants.AnyMethod);
         return this;
     }
 
@@ -182,7 +182,7 @@ public CorsPolicyBuilder AllowAnyMethod()
     public CorsPolicyBuilder AllowAnyHeader()
     {
         _policy.Headers.Clear();
-        _policy.Headers.Add("*");
+        _policy.Headers.Add(CorsConstants.AnyHeader);
         return this;
     }
 

src/Middleware/CORS/test/UnitTests/CorsServiceTests.cs

@@ -339,7 +339,7 @@ public void EvaluatePolicy_CaseInsensitivePreflightRequest_OriginAllowed_Returns
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -361,7 +361,7 @@ public void EvaluatePolicy_PreflightRequest_IsOriginAllowedReturnsTrue_ReturnsOr
         {
             IsOriginAllowed = origin => true
         };
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -381,7 +381,7 @@ public void EvaluatePolicy_PreflightRequest_SupportsCredentials_AllowCredentials
             SupportsCredentials = true
         };
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -401,7 +401,7 @@ public void EvaluatePolicy_PreflightRequest_NoPreflightMaxAge_NoPreflightMaxAgeS
             PreflightMaxAge = null
         };
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -421,7 +421,7 @@ public void EvaluatePolicy_PreflightRequest_PreflightMaxAge_PreflightMaxAgeSet()
             PreflightMaxAge = TimeSpan.FromSeconds(10)
         };
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -438,7 +438,7 @@ public void EvaluatePolicy_PreflightRequest_AnyMethod_ReturnsRequestMethod()
         var requestContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "GET");
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -478,8 +478,8 @@ public void EvaluatePolicy_PreflightRequest_NoHeadersRequested_AllowedAllHeaders
         var requestContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT");
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Methods.Add(CorsConstants.AnyHeader);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -501,8 +501,8 @@ public void EvaluatePolicy_PreflightRequest_AllowAllHeaders_ReflectsRequestHeade
             accessControlRequestHeaders: new[] { "foo", "bar" });
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Headers.Add(CorsConstants.AnyHeader);
 
         // Act
         var result = corsService.EvaluatePolicy(requestContext, policy);
@@ -524,7 +524,7 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_NotAllHeaderMatches
             accessControlRequestHeaders: new[] { "match", "noMatch" });
         var policy = new CorsPolicy();
         policy.Origins.Add(CorsConstants.AnyOrigin);
-        policy.Methods.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
         policy.Headers.Add("match");
         policy.Headers.Add("foo");
 
@@ -544,8 +544,8 @@ public void EvaluatePolicy_PreflightRequest_WithCredentials_ReflectsHeaders()
         var httpContext = GetHttpContext(method: "OPTIONS", origin: "http://example.com", accessControlRequestMethod: "PUT");
         var policy = new CorsPolicy();
         policy.Origins.Add("http://example.com");
-        policy.Methods.Add("*");
-        policy.Headers.Add("*");
+        policy.Methods.Add(CorsConstants.AnyMethod);
+        policy.Headers.Add(CorsConstants.AnyHeader);
         policy.SupportsCredentials = true;
 
         // Act