Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add CORS support for MiniProfiler

See original GitHub issue

Related to #332

MiniProfiler doesn’t work out of the box when the UI application is on a different origin to the API application due to missing CORS support. In order to get MiniProfiler working for an Angular application running from a different origin I had to set up the following:

  • Add CORS headers for MiniProfiler and handle OPTIONS requests so the MiniProfiler endpoints would succeed:
    app.Use(async (context, next) =>
{
    if (context.Request.Path.StartsWithSegments(new PathString("/profiler"))) // Must match RouteBasePath
    {
        if (context.Request.Headers.TryGetValue("Origin", out var origin))
        {
            context.Response.Headers.Add("Access-Control-Allow-Origin", origin);
            if (context.Request.Method == "OPTIONS")
            {
                context.Response.StatusCode = 200;
                context.Response.Headers.Add("Access-Control-Allow-Headers", "Content-Type");
                context.Response.Headers.Add("Access-Control-Allow-Methods", "OPTIONS, GET");
                await context.Response.CompleteAsync();
                return;
            }
        }
    }

    await next();
});
app.UseMiniProfiler();
  • Update our CORS policy to have .WithExposedHeaders("X-MiniProfiler-Ids"), otherwise X-MiniProfiler-Ids isn’t available to the MiniProfiler UI:
    services.AddCors(options =>
{
    options.AddPolicy("CorsPolicy",
        builder => builder
            .WithOrigins(...)
            .WithMethods(...)
            .AllowAnyHeader()
            .WithExposedHeaders("X-MiniProfiler-Ids"));
});
  • Add the MiniProfiler includes script to the UI application (data-path needed to include the host):
    <script async type="text/javascript" id="mini-profiler"
    src="http://localhost:15000/profiler/includes.min.js"
    data-path="http://localhost:15000/profiler/"
    data-position="Left"
    data-scheme="Light"
    data-controls="true"
    data-authorized="true"
></script>

Suggestions:

  • Add an option to UseMiniProfiler for setting a CORS policy for MiniProfiler
  • Add an extension method for CorsPolicyBuilder to Expose the X-MiniProfiler-Ids header
  • Update documentation with steps to support CORS including script snippet

I’d be happy to open up a PR for this issue if the suggestions are OK.

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:9 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
NickCravercommented, Jul 3, 2020

@pmccloghrylaing That’s the part I mean about “maybe it’s not a bool” - maybe it’s something other type (e.g. list) to support multiple origins (and it not being there/null is “off”)…whatever format we need to add a policy correctly (not in front of a comp to check APIs atm) - that make sense?

0reactions
pmccloghrylaingcommented, Jul 15, 2020

I’ve added a draft PR that still needs testing. @NickCraver I’ve added a single property to options and the rest is taken care of by the middleware. I didn’t find that I could do much with IConfigureOptions<CorsOptions> as it only allows you to create or get named CORS policies - it doesn’t provide access to all policies.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Enable Cross-Origin Requests (CORS) in ASP.NET Core
Learn how CORS as a standard for allowing or rejecting cross-origin requests in an ASP.NET Core app.
Read more >
Miniprofiler with non-mvc .net core project and angular
Hi, I am using angular(9+) as frontend and .net core as backend. I have successfully implemented mini profiler in the backend and it...
Read more >
ASP.NET Core
Either use the NuGet UI to install MiniProfiler.AspNetCore.Mvc (which has all needed ... Edit your Startup.cs to add the middleware and configure options:....
Read more >
Built-in Mini Profiler
The profiler includes special support for SQL Profiling that can easily be enabled for OrmLite and Dapper by getting it to use a...
Read more >
MVC specific profiling not appearing in UI
I have added MiniProfiler to my ASP.NET Core Web API service. This service is called by a SPA application. The application passes a...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Disabling MiniProfiler header for specific endpoints

Next page

MiniProfiler silently fails when MemoryCache is used with a SizeLimit