private void MapHeaders(Response response, IHeaderDictionary responseHeaders)
{
foreach (var header in response.Headers)
{
responseHeaders.AppendCommaSeparatedValues(header.Key, header.Value.ToArray());
}
}
public void AppendComaSeperatedValues_QuotesJoinsAppends()
{
IHeaderDictionary headers = CreateHeaders(CustomHeaderRawValues);
headers.AppendCommaSeparatedValues(CustomHeaderKey, "vA, vB", "vC");
IList <string> values = headers.GetValues(CustomHeaderKey);
Assert.Equal(new[] { CustomHeaderJoinedValues + ",\"vA, vB\",vC" }, values);
}
private static void DecodeHeaders(IHeaderDictionary headers, TextReader textReader)
{
string line;
while (!string.IsNullOrEmpty(line = textReader.ReadLine()))
{
var keyEnd = line.IndexOf(": ");
var key = line.Substring(0, keyEnd);
var values = line.Substring(keyEnd + 2, line.Length - 2 - keyEnd);
if (values[0] == '"')
{
headers.AppendCommaSeparatedValues(key, values);
}
else
{
headers.Add(key, values);
}
}
}
public override void Handle(HttpContext context, CancellationToken cancel)
{
HttpRequest request = context.Request;
IHeaderDictionary headers = request.Headers;
if (headers.ContainsKey(CorsConstants.Origin))
{
HttpResponse response = context.Response;
IHeaderDictionary responseHeaders = response.Headers;
string origin = headers[CorsConstants.Origin];
List <string> writeHeaders;
if (string.Equals(request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) && !headers.IsNullOrEmpty(CorsConstants.AccessControlRequestMethod))
{
//preflight
if (!(StringValues.IsNullOrEmpty(origin) || !this.options.AllowAnyOrigin && !this.options.Origins.Contains(origin)))
{
string accessControlRequestMethod = headers[CorsConstants.AccessControlRequestMethod];
if (!this.options.AllowAnyVerb)
{
bool found = false;
foreach (HttpVerbs curVerb in this.options.Verbs)
{
if (curVerb.ToString().Equals(accessControlRequestMethod, StringComparison.OrdinalIgnoreCase))
{
found = true;
break;
}
}
if (found)
{
string[] accessControlRequestHeaders = headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders);
if (!(!this.options.AllowAnyRequestHeader && accessControlRequestHeaders != null && !AllRequestHeadersGood(accessControlRequestHeaders)))
{
AddOrigin(origin, response);
if (!IsSimpleVerb(accessControlRequestMethod)) //we know there's only one that was in the request
{
responseHeaders.AppendCommaSeparatedValues(CorsConstants.AccessControlAllowMethods, accessControlRequestMethod);
}
writeHeaders = GetNonSimpleRequestHeaders(accessControlRequestHeaders);
if (writeHeaders.Count > 0)
{
responseHeaders.AppendCommaSeparatedValues(CorsConstants.AccessControlAllowHeaders, writeHeaders.ToArray());
}
if (this.options.PreflightMaxAge.HasValue)
{
responseHeaders[CorsConstants.AccessControlMaxAge] = this.options.PreflightMaxAge.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture);
}
}
}
}
}
context.Response.StatusCode = HttpStatusCodes.Status204NoContent;
return; //this was a preflight, so we don't forward to the actual handler and just send back the CORS info
}
else
{
//real deal
if (!(StringValues.IsNullOrEmpty(origin) || !options.AllowAnyOrigin && !options.Origins.Contains(origin)))
{
AddOrigin(origin, response);
writeHeaders = GetNonSimpleResponseHeaders(this.options.ResponseHeaders);
if (writeHeaders.Count > 0)
{
responseHeaders.AppendCommaSeparatedValues(CorsConstants.AccessControlExposeHeaders, writeHeaders.ToArray());
}
}
}
}
//after doing the CORS thing, and it's not a preflight, finish by letting the real work happen
if (this.Next != null)
{
this.Next.Handle(context);
}
}
