Custom Cors Policy Service not being invoked

[sanjeev-saxena-us]

Environment:
.net8
Duende.IdentityServer 7.2.3

It appears that registering a custom CORS policy service is not being invoked; things I've tried (including what has been documented here):

services.AddTransient<ICorsPolicyService, CustomPolicyService>();

public class CustomPolicyService(ILogger<CustomPolicyService> logger) : ICorsPolicyService
{
    private readonly ILogger<CustomPolicyService> _logger = logger ?? throw new ArgumentNullException(nameof(logger));

    public Task<bool> IsOriginAllowedAsync(string origin)
    {
        this._logger.LogDebug($"Allowing Cors for origin {origin}");
        return Task.FromResult(true);
    }
}

services.AddSingleton<ICorsPolicyService>((container) =>
  {
      var logger = container.GetRequiredService<ILogger<DefaultCorsPolicyService>>();

      return new DefaultCorsPolicyService(logger)
      {
          AllowAll = true,
      };
  });

Followed by:

services.AddIdentityServer()
     .AddCorsPolicyService<CustomPolicyService>();

Including/excluding the .AddCorsPolicyService() makes no difference.
I do not see any logs from the 1st CustomPolicyService.
In the 2nd option, have also have a breakpoint at the line return new DefaultCorsPolicyService(logger)... which never gets hit.

This is blocking me from moving forward (Browser based Edge, Chrome, FF makes no difference). Not using Postman.
Thoughts?

[khalidabuhakmeh]

Hey @sanjeev-saxena-us, what you have should work. I verified it triggers the CORS policy, but you need to issue the request from a JavaScript client from a different origin.

Follow these instructions. Create a new Vite application (or JavaScript app).

npm create vite@latest cors-tester -- --template vanilla

then in main.js add the following line of JavaScript to call your IdentityServer instance.

var response = await fetch('https://localhost:5001/.well-known/openid-configuration');

In your IdentityServer instance, you should see that the CorsPolicyService is invoked. Here is my registration.

builder.Services.AddTransient<ICorsPolicyService>((container) =>
{
    var logger = container.GetRequiredService<ILogger<DefaultCorsPolicyService>>();
    logger.LogInformation("Creating CORS policy service");
    return new DefaultCorsPolicyService(logger)
    {
        AllowAll = true
    };
});

And here is the output in my logs.

Your HTTP request requires that the initial request set the Origin header.

Hope this helps,

Khalid Abuhakmeh