Ejemplo n.º 1
0
        public void GetCorsPolicyProvider_NullRequest_Throws()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();

            Assert.ThrowsArgumentNull(() => providerFactory.GetCorsPolicyProvider(null), "request");
        }
Ejemplo n.º 2
0
        public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object;

            providerFactory.DefaultPolicyProvider = mockProvider;
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/sample"
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);
            IHttpRoute route = config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            request.SetRouteData(route.GetRouteData("/", request));

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.Same(mockProvider, provider);
        }
Ejemplo n.º 3
0
        public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage       request = new HttpRequestMessage();
            Func <string>            action  = new SampleController().Get;
            HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor
            {
                ControllerName = "Sample",
                ControllerType = typeof(SampleController)
            };

            request.SetActionDescriptor(
                new ReflectedHttpActionDescriptor
            {
                MethodInfo           = action.Method,
                ControllerDescriptor = controllerDescriptor
            }
                );
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.NotNull(policyProvider);
            Assert.IsType <EnableCorsAttribute>(policyProvider);
        }
Ejemplo n.º 4
0
        public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();

            // No HttpConfiguration set on the request.
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/sample"
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();
            IHttpRoute        route  = config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            request.SetRouteData(route.GetRouteData("/", request));

            Assert.Throws <InvalidOperationException>(
                () => providerFactory.GetCorsPolicyProvider(request),
                "The request does not have an associated configuration object."
                );
        }
Ejemplo n.º 5
0
        public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(
            string httpMethod,
            string path,
            Type expectedProviderType
            )
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/sample" + path
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod);
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);
            IHttpRoute route = config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            request.SetRouteData(route.GetRouteData("/", request));

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.IsType(expectedProviderType, provider);
        }
        public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection()
        {
            // Arrange
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
            HttpConfiguration config = new HttpConfiguration();
            HttpControllerContext controllerContext = null;
            var actionSelector = new Mock<IHttpActionSelector>();
            actionSelector.Setup(s => s.SelectAction(It.IsAny<HttpControllerContext>()))
                          .Callback<HttpControllerContext>(context => 
                          {
                              Assert.False(((SampleController)context.Controller).Disposed);
                              controllerContext = context;
                          });
            config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object);
            request.SetConfiguration(config);
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.SetRouteData(route.GetRouteData("/", request));

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            // Assert
            Assert.True(((SampleController)controllerContext.Controller).Disposed);
        }
        public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection()
        {
            // Arrange
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
            HttpConfiguration     config            = new HttpConfiguration();
            HttpControllerContext controllerContext = null;
            var actionSelector = new Mock <IHttpActionSelector>();

            actionSelector.Setup(s => s.SelectAction(It.IsAny <HttpControllerContext>()))
            .Callback <HttpControllerContext>(context =>
            {
                Assert.False(((SampleController)context.Controller).Disposed);
                controllerContext = context;
            });
            config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object);
            request.SetConfiguration(config);
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });

            request.SetRouteData(route.GetRouteData("/", request));

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            // Assert
            Assert.True(((SampleController)controllerContext.Controller).Disposed);
        }
Ejemplo n.º 8
0
        public static void Register(HttpConfiguration config)
        {
            config.EnableCors();
            // Web API routes
            config.EnableSystemDiagnosticsTracing().IsVerbose = true;
            config.MapHttpAttributeRoutes();

            var defaultPolicyProvider = new EnableCorsAttribute("*", "*", "*");
            defaultPolicyProvider.SupportsCredentials = true; //important if you are sending cookies
            AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
            policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
            config.SetCorsPolicyProviderFactory(policyProviderFactory);

            config.Routes.MapHttpRoute(
                name: "BatchApi",
                routeTemplate: "api/batch",
                defaults: null,
                constraints: null,
                handler: new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer));
            
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional },
                constraints: null,
                handler: new CorsMessageHandler(config) { InnerHandler = new HttpControllerDispatcher(config) }
            );
        }
 public void GetCorsPolicyProvider_NullRequest_Throws()
 {
     AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
     Assert.ThrowsArgumentNull(() =>
         providerFactory.GetCorsPolicyProvider(null),
         "request");
 }
Ejemplo n.º 10
0
        public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/sample"
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);
            IHttpRoute route = config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            request.SetRouteData(route.GetRouteData("/", request));

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.Throws <HttpResponseException>(
                () => providerFactory.GetCorsPolicyProvider(request)
                );
        }
Ejemplo n.º 11
0
        public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/percontrollerconfig"
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod");
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);
            config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider);
            string origin = Assert.Single(enableCorsAttribute.Origins);

            Assert.Equal("http://example.com", origin);
        }
        public void GetCorsPolicyProvider_Preflight_NoRouteData_ReturnsNull()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            // No RouteData set on the request.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();
            request.SetConfiguration(config);

            var provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.Null(provider);
        }
        public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            // No RouteData set on the request.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();
            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;

            Assert.Throws<InvalidOperationException>(() =>
                providerFactory.GetCorsPolicyProvider(request),
                "No route data was found for this request.");
        }
        public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(string httpMethod, string path, Type expectedProviderType)
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample" + path);
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod);
            HttpConfiguration config = new HttpConfiguration();
            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.IsType(expectedProviderType, provider);
        }
        public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            // No HttpConfiguration set on the request.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);

            Assert.Throws<InvalidOperationException>(() =>
                providerFactory.GetCorsPolicyProvider(request),
                "The request does not have an associated configuration object.");
        }
        /// <summary>
        /// Enables the support for CORS.
        /// </summary>
        /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
        /// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
        /// <exception cref="System.ArgumentNullException">httpConfiguration</exception>
        public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider)
        {
            if (httpConfiguration == null)
            {
                throw new ArgumentNullException("httpConfiguration");
            }

            if (defaultPolicyProvider != null)
            {
                AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
                policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
                httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory);
            }

            AddCorsMessageHandler(httpConfiguration);
        }
        /// <summary>
        /// Enables the support for CORS.
        /// </summary>
        /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
        /// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
        /// <exception cref="System.ArgumentNullException">httpConfiguration</exception>
        public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider)
        {
            if (httpConfiguration == null)
            {
                throw new ArgumentNullException("httpConfiguration");
            }

            if (defaultPolicyProvider != null)
            {
                AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
                policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
                httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory);
            }

            AddCorsMessageHandler(httpConfiguration);
        }
        public void GetCorsPolicyProvider_Preflight_NoRouteData_ReturnsNull()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            // No RouteData set on the request.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);

            var provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.Null(provider);
        }
        public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage();
            Func <string>      action  = new SampleController().Post;

            request.SetActionDescriptor(new ReflectedHttpActionDescriptor
            {
                MethodInfo = action.Method
            });
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.NotNull(policyProvider);
            Assert.IsType(typeof(DisableCorsAttribute), policyProvider);
        }
Ejemplo n.º 20
0
        public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            // No RouteData set on the request.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
            HttpConfiguration config = new HttpConfiguration();

            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;

            Assert.Throws <InvalidOperationException>(() =>
                                                      providerFactory.GetCorsPolicyProvider(request),
                                                      "No route data was found for this request.");
        }
        public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object;
            providerFactory.DefaultPolicyProvider = mockProvider;
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
            HttpConfiguration config = new HttpConfiguration();
            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.Same(mockProvider, provider);
        }
        public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider()
        {
            ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object;
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();

            providerFactory.DefaultPolicyProvider = mockProvider;
            HttpRequestMessage request = new HttpRequestMessage();
            Func <string>      action  = new DefaultController().Get;

            request.SetActionDescriptor(new ReflectedHttpActionDescriptor
            {
                MethodInfo = action.Method
            });
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.Same(mockProvider, policyProvider);
        }
Ejemplo n.º 23
0
        public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest()
        {
            AttributeBasedPolicyProviderFactory providerFactory =
                new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(
                HttpMethod.Options,
                "http://localhost/sample"
                );

            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put");
            HttpConfiguration config = new HttpConfiguration();

            request.SetConfiguration(config);
            var route = config.Routes.MapHttpRoute(
                "default",
                "{controller}/{id}",
                new { id = RouteParameter.Optional }
                );

            request.SetRouteData(
                new HttpRouteData(
                    route,
                    new HttpRouteValueDictionary(
                        new { action = "Options", controller = "sample", id = 2 }
                        )
                    )
                );

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider);

            Assert.Equal(2, enableCorsAttribute.Origins.Count());
            Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]);
            Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]);
        }
        public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
            HttpConfiguration config = new HttpConfiguration();
            request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
            IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            Assert.Throws<HttpResponseException>(() =>
                providerFactory.GetCorsPolicyProvider(request));
        }
        public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage();
            Func<string> action = new SampleController().Get;
            HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor
            {
                ControllerName = "Sample",
                ControllerType = typeof(SampleController)
            };
            request.SetActionDescriptor(new ReflectedHttpActionDescriptor
            {
                MethodInfo = action.Method,
                ControllerDescriptor = controllerDescriptor
            });
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.NotNull(policyProvider);
            Assert.IsType(typeof(EnableCorsAttribute), policyProvider);
        }
        public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/percontrollerconfig");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod");
            HttpConfiguration config = new HttpConfiguration();
            request.SetConfiguration(config);
            config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider);
            Assert.Equal(1, enableCorsAttribute.Origins.Count());
            Assert.Equal("http://example.com", enableCorsAttribute.Origins.First());
        }
        public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage();
            Func<string> action = new SampleController().Post;
            request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor
            {
                MethodInfo = action.Method
            };
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.NotNull(policyProvider);
            Assert.IsType(typeof(DisableCorsAttribute), policyProvider);
        }
        public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest()
        {
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
            request.Headers.Add("Origin", "http://localhost");
            request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put");
            HttpConfiguration config = new HttpConfiguration();
            request.SetConfiguration(config);
            var route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
            request.SetRouteData(new HttpRouteData(route, new HttpRouteValueDictionary(new { action = "Options", controller = "sample", id = 2 })));

            ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);

            Assert.True(request.GetCorsRequestContext().IsPreflight);
            EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider);
            Assert.Equal(2, enableCorsAttribute.Origins.Count());
            Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]);
            Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]);
        }
        public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider()
        {
            ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object;
            AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
            providerFactory.DefaultPolicyProvider = mockProvider;
            HttpRequestMessage request = new HttpRequestMessage();
            Func<string> action = new DefaultController().Get;
            request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor
            {
                MethodInfo = action.Method
            };
            request.Headers.Add("Origin", "http://example.com");

            ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);

            Assert.Same(mockProvider, policyProvider);
        }