Ejemplo n.º 1
0
        // --------------------------------------------------------------- Handlers
        /// <summary>
        /// Handles a CORS request of type
        /// <see cref="CORSRequestType"/>
        /// .SIMPLE.
        /// </summary>
        /// <param name="request">
        /// The
        /// <see cref="Javax.Servlet.Http.IHttpServletRequest"/>
        /// object.
        /// </param>
        /// <param name="response">
        /// The
        /// <see cref="Javax.Servlet.Http.IHttpServletResponse"/>
        /// object.
        /// </param>
        /// <param name="filterChain">
        /// The
        /// <see cref="Javax.Servlet.IFilterChain"/>
        /// object.
        /// </param>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Javax.Servlet.ServletException"/>
        /// <seealso><a href="http://www.w3.org/TR/cors/#resource-requests">Simple
        /// *      Cross-Origin Request, Actual Request, and Redirects</a></seealso>
        public void HandleSimpleCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain)
        {
            CORSFilter.CORSRequestType requestType = CheckRequestType(request);
            if (!(requestType == CORSFilter.CORSRequestType.Simple || requestType == CORSFilter.CORSRequestType.Actual))
            {
                string message = "Expects a HttpServletRequest object of type " + CORSFilter.CORSRequestType.Simple + " or " + CORSFilter.CORSRequestType.Actual;
                throw new ArgumentException(message);
            }
            string origin = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderOrigin);
            string method = request.GetMethod();

            // Section 6.1.2
            if (!IsOriginAllowed(origin))
            {
                HandleInvalidCORS(request, response, filterChain);
                return;
            }
            if (!allowedHttpMethods.Contains(method))
            {
                HandleInvalidCORS(request, response, filterChain);
                return;
            }
            // Section 6.1.3
            // Add a single Access-Control-Allow-Origin header.
            if (anyOriginAllowed && !supportsCredentials)
            {
                // If resource doesn't support credentials and if any origin is
                // allowed
                // to make CORS request, return header with '*'.
                response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, "*");
            }
            else
            {
                // If the resource supports credentials add a single
                // Access-Control-Allow-Origin header, with the value of the Origin
                // header as value.
                response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, origin);
            }
            // Section 6.1.3
            // If the resource supports credentials, add a single
            // Access-Control-Allow-Credentials header with the case-sensitive
            // string "true" as value.
            if (supportsCredentials)
            {
                response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowCredentials, "true");
            }
            // Section 6.1.4
            // If the list of exposed headers is not empty add one or more
            // Access-Control-Expose-Headers headers, with as values the header
            // field names given in the list of exposed headers.
            if ((exposedHeaders != null) && (exposedHeaders.Count > 0))
            {
                string exposedHeadersString = Join(exposedHeaders, ",");
                response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlExposeHeaders, exposedHeadersString);
            }
            // Forward the request down the filter chain.
            filterChain.DoFilter(request, response);
        }
        public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
        {
            if (isAuthenticating)
            {
                message.Headers.Authorization = this.CreateAuthHeader();
            }

            return(await chain.DoFilter(message));
        }
        /// <summary>
        /// Uses AsyncLocal to retrieve the correlationId.  Not needed if we decide to use the IFilterChain to pass correlationId.
        /// </summary>
        /// <param name="message"></param>
        /// <param name="chain"></param>
        /// <returns></returns>
        public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
        {
            // add header
            Guid correlationId = AsyncCorrelation.RetrieveCorrelationId();

            // empty correlationId will be ignored.
            if (Guid.Empty != correlationId)
            {
                message.Headers.Add(CorrelationIdHttpHeaderName, correlationId.ToString("N"));
            }

            return(await chain.DoFilter(message));
        }
        public Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
        {
            if (message == null)
            {
                throw new ArgumentException("message cannot be null");
            }

            // empty correlationId will be ignored.
            if (Guid.Empty != chain.CorrelationId)
            {
                message.Headers.Add(XCorrelationIdHeader, chain.CorrelationId.ToString("N"));
            }

            return(chain.DoFilter(message));
        }
Ejemplo n.º 5
0
 // Do not forward the request down the filter chain.
 /// <summary>Handles a request, that's not a CORS request, but is a valid request i.e.</summary>
 /// <remarks>
 /// Handles a request, that's not a CORS request, but is a valid request i.e.
 /// it is not a cross-origin request. This implementation, just forwards the
 /// request down the filter chain.
 /// </remarks>
 /// <param name="request">
 /// The
 /// <see cref="Javax.Servlet.Http.IHttpServletRequest"/>
 /// object.
 /// </param>
 /// <param name="response">
 /// The
 /// <see cref="Javax.Servlet.Http.IHttpServletResponse"/>
 /// object.
 /// </param>
 /// <param name="filterChain">
 /// The
 /// <see cref="Javax.Servlet.IFilterChain"/>
 /// object.
 /// </param>
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="Javax.Servlet.ServletException"/>
 public void HandleNonCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain)
 {
     // Let request pass.
     filterChain.DoFilter(request, response);
 }
Ejemplo n.º 6
0
 public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
 {
     message.Headers.Add("User-Agent", userAgent);
     return(await chain.DoFilter(message));
 }