private CorsAccessResponse CalculateResponse(
CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
CorsAccessResponse response = new CorsAccessResponse();
if (configEntry != null)
{
if (CheckOrigin(accessRequest, configEntry))
{
if (accessRequest.IsCorsSimple)
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddExposedHeaders(configEntry, response);
}
else if (accessRequest.IsCorsPreflight)
{
if (CheckMethods(accessRequest, configEntry)
&& CheckRequestHeaders(accessRequest, configEntry))
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddCacheDuration(configEntry, response);
AddAllowedMethods(accessRequest, configEntry, response);
AddAllowedRequestHeaders(accessRequest, configEntry, response);
}
}
}
}
return response;
}
private CorsAccessResponse CalculateResponse(
CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
CorsAccessResponse response = new CorsAccessResponse();
if (configEntry != null)
{
if (CheckOrigin(accessRequest, configEntry))
{
if (accessRequest.IsCorsSimple)
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddExposedHeaders(configEntry, response);
}
else if (accessRequest.IsCorsPreflight)
{
if (CheckMethods(accessRequest, configEntry) &&
CheckRequestHeaders(accessRequest, configEntry))
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddCacheDuration(configEntry, response);
AddAllowedMethods(accessRequest, configEntry, response);
AddAllowedRequestHeaders(accessRequest, configEntry, response);
}
}
}
}
return(response);
}
private void AddCacheDuration(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.CacheDuration.HasValue && configEntry.CacheDuration.Value > 0)
{
response.ResponseCacheDurationSeconds = configEntry.CacheDuration;
}
}
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
if (configEntry.AllowAllMethods) return true;
var configMethods = configEntry.Methods.Select(x => x.ToUpper());
var requestedMethod = accessRequest.RequestedMethod;
return configMethods.Contains(requestedMethod);
}
private void AddExposedHeaders(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var exposedHeaders = configEntry.ResponseHeaders.RemoveSimpleResponseHeaders();
if (exposedHeaders.Any())
{
response.AllowedResponseHeaders = exposedHeaders;
}
}
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
if (configEntry.AllowAllRequestedHeaders) return true;
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();
// the requested headers must all be in the allowed list
var both = requestedHeaders.Intersect(allowedHeaders, StringComparer.OrdinalIgnoreCase);
return both.Count() == requestedHeaders.Count();
}
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
if (configEntry.AllowAllMethods)
{
return(true);
}
var configMethods = configEntry.Methods.Select(x => x.ToUpper());
var requestedMethod = accessRequest.RequestedMethod;
return(configMethods.Contains(requestedMethod));
}
public void Add(CorsConfigurationEntry entry)
{
// entry validation
if (entry.AllResources && entry.Resource != null)
{
throw new ArgumentException("Resource not allowed if configured as AllResources.");
}
if (!entry.AllResources && String.IsNullOrEmpty(entry.Resource))
{
throw new ArgumentException("Resource required.");
}
if (entry.AllowAnyOrigin && entry.Origin != null)
{
throw new ArgumentException("Origin not allowed if configured as AllowAnyOrigin.");
}
if (!entry.AllowAnyOrigin && String.IsNullOrEmpty(entry.Origin))
{
throw new ArgumentException("Origin required.");
}
// entry relative to other registered settings validation
if (entry.AllResources && entry.AllowAnyOrigin && FindAnyResourceForAnyOrigin() != null)
{
throw new InvalidOperationException("Entry already registered for AllResources and AllowAnyOrigin.");
}
if (entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAnyOrigin(entry.Resource) != null)
{
throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for AllowAnyOrigin.");
}
if (!entry.AllowAnyOrigin && entry.AllResources && FindAnyResourceByOrigin(entry.Origin) != null)
{
throw new InvalidOperationException("Origin '" + entry.Origin + "' already registered for AllResources.");
}
if (!entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAndOrigin(entry.Resource, entry.Origin) != null)
{
throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for Origin '" + entry.Origin + "'.");
}
if (entry.CacheDuration == null)
{
entry.CacheDuration = this.DefaultCacheDuration;
}
settings.Add(entry);
}
public void Add(CorsConfigurationEntry entry)
{
// entry validation
if (entry.AllResources && entry.Resource != null)
{
throw new ArgumentException("Resource not allowed if configured as AllResources.");
}
if (!entry.AllResources && String.IsNullOrEmpty(entry.Resource))
{
throw new ArgumentException("Resource required.");
}
if (entry.AllowAnyOrigin && entry.Origin != null)
{
throw new ArgumentException("Origin not allowed if configured as AllowAnyOrigin.");
}
if (!entry.AllowAnyOrigin && String.IsNullOrEmpty(entry.Origin))
{
throw new ArgumentException("Origin required.");
}
// entry relative to other registered settings validation
if (entry.AllResources && entry.AllowAnyOrigin && FindAnyResourceForAnyOrigin() != null)
{
throw new InvalidOperationException("Entry already registered for AllResources and AllowAnyOrigin.");
}
if (entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAnyOrigin(entry.Resource) != null)
{
throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for AllowAnyOrigin.");
}
if (!entry.AllowAnyOrigin && entry.AllResources && FindAnyResourceByOrigin(entry.Origin) != null)
{
throw new InvalidOperationException("Origin '" + entry.Origin + "' already registered for AllResources.");
}
if (!entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAndOrigin(entry.Resource, entry.Origin) != null)
{
throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for Origin '" + entry.Origin + "'.");
}
if (entry.CacheDuration == null)
{
entry.CacheDuration = this.DefaultCacheDuration;
}
settings.Add(entry);
}
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (!accessRequest.RequestedMethod.IsSimpleMethod())
{
if (configEntry.AllowAllMethods)
{
response.AllowedMethods = CorsConstants.NotSimpleMethods;
}
else
{
response.AllowedMethods = configEntry.Methods.Select(x => x.ToUpper()).ToArray();
}
}
}
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
if (configEntry.AllowAllRequestedHeaders)
{
return(true);
}
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();
// the requested headers must all be in the allowed list
var both = requestedHeaders.Intersect(allowedHeaders, StringComparer.OrdinalIgnoreCase);
return(both.Count() == requestedHeaders.Count());
}
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.AllowAnyOrigin)
{
if (configEntry.AllowCookies == true)
{
response.OriginAllowed = accessRequest.Origin;
}
else
{
response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
}
}
else
{
response.OriginAllowed = accessRequest.Origin;
}
}
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
return
(configEntry.AllowAnyOrigin ||
accessRequest.Origin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase));
}
private void AddCacheDuration(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.CacheDuration.HasValue && configEntry.CacheDuration.Value > 0)
{
response.ResponseCacheDurationSeconds = configEntry.CacheDuration;
}
}
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
return
configEntry.AllowAnyOrigin ||
accessRequest.Origin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase);
}
private void AddExposedHeaders(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var exposedHeaders = configEntry.ResponseHeaders.RemoveSimpleResponseHeaders();
if (exposedHeaders.Any())
{
response.AllowedResponseHeaders = exposedHeaders;
}
}
private static void AddCookies(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
response.AreCookiesAllowed = configEntry.AllowCookies;
}
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.AllowAnyOrigin)
{
if (configEntry.AllowCookies == true)
{
response.OriginAllowed = accessRequest.Origin;
}
else
{
response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
}
}
else
{
response.OriginAllowed = accessRequest.Origin;
}
}
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
if (requestedHeaders.Any())
{
if (configEntry.AllowAllRequestedHeaders)
{
response.AllowedRequestHeaders = requestedHeaders;
}
else
{
response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
}
}
var simpleRequestedHeaders = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
if (simpleRequestedHeaders.Any())
{
// chrome asks for things like "Origin" and "Accept", so placate them
response.AllowedRequestHeaders = simpleRequestedHeaders.Union(response.AllowedRequestHeaders ?? Enumerable.Empty<string>()).Distinct();
}
}
private void CheckInit()
{
if (entries == null && ResourcesFrozen && originsFrozen)
{
entries = new List<CorsConfigurationEntry>();
if (Resources == null)
{
// all Resources
if (origins == null)
{
// all origins
var item =
new CorsConfigurationEntry
{
AllResources = true,
AllowAnyOrigin = true
};
entries.Add(item);
}
else
{
// specific origins
var items =
from o in origins
select new CorsConfigurationEntry
{
AllResources = true,
Origin = o
};
entries.AddRange(items);
}
}
else
{
// specific Resources
if (origins == null)
{
// all origins
var items =
from c in Resources
select new CorsConfigurationEntry
{
Resource = c,
AllowAnyOrigin = true
};
entries.AddRange(items);
}
else
{
// specific origins
var items =
from c in Resources
from o in origins
select new CorsConfigurationEntry
{
Resource = c,
Origin = o
};
entries.AddRange(items);
}
}
}
}
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
if (requestedHeaders.Any())
{
if (configEntry.AllowAllRequestedHeaders)
{
response.AllowedRequestHeaders = requestedHeaders;
}
else
{
response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
}
}
var simpleRequestedHeaders = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
if (simpleRequestedHeaders.Any())
{
// chrome asks for things like "Origin" and "Accept", so placate them
response.AllowedRequestHeaders = simpleRequestedHeaders.Union(response.AllowedRequestHeaders ?? Enumerable.Empty <string>()).Distinct();
}
}
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (!accessRequest.RequestedMethod.IsSimpleMethod())
{
if (configEntry.AllowAllMethods)
{
response.AllowedMethods = CorsConstants.NotSimpleMethods;
}
else
{
response.AllowedMethods = configEntry.Methods.Select(x=>x.ToUpper()).ToArray();
}
}
}
private void CheckInit()
{
if (entries == null && ResourcesFrozen && originsFrozen)
{
entries = new List <CorsConfigurationEntry>();
if (Resources == null)
{
// all Resources
if (origins == null)
{
// all origins
var item =
new CorsConfigurationEntry
{
AllResources = true,
AllowAnyOrigin = true
};
entries.Add(item);
}
else
{
// specific origins
var items =
from o in origins
select new CorsConfigurationEntry
{
AllResources = true,
Origin = o
};
entries.AddRange(items);
}
}
else
{
// specific Resources
if (origins == null)
{
// all origins
var items =
from c in Resources
select new CorsConfigurationEntry
{
Resource = c,
AllowAnyOrigin = true
};
entries.AddRange(items);
}
else
{
// specific origins
var items =
from c in Resources
from o in origins
select new CorsConfigurationEntry
{
Resource = c,
Origin = o
};
entries.AddRange(items);
}
}
}
}
private static void AddCookies(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
response.AreCookiesAllowed = configEntry.AllowCookies;
}