public async Task Invoke(HttpContext context,
ICorsService corsService,
ICorsPolicyProvider policyProvider,
IAllowedOriginsProvider allowedOriginsProvider)
{
if (context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
var isPreflight = IsPreflight(context, accessControlRequestMethod);
var corsPolicy = await GetPolicy(context, isPreflight, policyProvider, allowedOriginsProvider);
if (corsPolicy != null)
{
var corsResult = corsService.EvaluatePolicy(context, corsPolicy);
corsService.ApplyResult(corsResult, context.Response);
if (isPreflight)
{
context.Response.StatusCode = StatusCodes.Status204NoContent;
return;
}
}
}
await Next(context);
}
private async Task <CorsPolicy> GetPolicy(HttpContext context, bool isPreflight, ICorsPolicyProvider policyProvider, IAllowedOriginsProvider allowedOriginsProvider)
{
if (isPreflight && await allowedOriginsProvider.IsOriginAvailable(context.Request.Headers[IdentityIssuerHeaders.OriginHeader]))
{
return(await policyProvider.GetPolicyAsync(context, PolicyConstants.PreflightPolicy));
}
else if (context.Request.Headers.ContainsKey(IdentityIssuerHeaders.TenantHeader))
{
return(await policyProvider.GetPolicyAsync(context, context.Request.Headers[IdentityIssuerHeaders.TenantHeader]));
}
else
{
return(null);
}
}
