public void Ctor_CanSetAllAllowSettings_ToRequiredValues()
        {
            var elements = new CorsElementCollection();
            var fooElement = new CorsElement
            {
                Name = "foo",
                Headers = "X-Api-Rate;Foo",
                Methods = "GET;POST;PUT",
                Origins = "http://foo.com;http://www.abc.com"
            };
            elements.Add(fooElement);

            var corsSection = new CorsSection
            {
                CorsPolicies = elements
            };

            var attr = new ConfigurableCorsPolicyAttribute("foo", corsSection);
            var policy = attr.GetCorsPolicyAsync(new HttpRequestMessage(), default(CancellationToken)).Result;

            policy.AllowAnyMethod.ShouldEqual(false);
            policy.Methods.ShouldContain("GET");
            policy.Methods.ShouldContain("POST");
            policy.Methods.ShouldContain("PUT");

            policy.AllowAnyHeader.ShouldEqual(false);
            policy.Headers.ShouldContain("X-Api-Rate");
            policy.Headers.ShouldContain("Foo");

            policy.AllowAnyOrigin.ShouldEqual(false);
            policy.Origins.ShouldContain("http://foo.com");
            policy.Origins.ShouldContain("http://www.abc.com");
        }
        public ConfigurableCorsPolicyAttribute(string name, CorsSection corsSection)
        {
            _policy = new CorsPolicy();

            if (corsSection != null)
            {
                var policy = corsSection.CorsPolicies.Cast<CorsElement>().FirstOrDefault(x => x.Name == name);
                if (policy != null)
                {
                    if (policy.Headers == "*")
                    {
                        _policy.AllowAnyHeader = true;
                    }
                    else
                    {
                        policy.Headers.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries).ToList().ForEach(x => _policy.Headers.Add(x.Trim()));
                    }

                    if (policy.Methods == "*")
                    {
                        _policy.AllowAnyMethod = true;
                    }
                    else
                    {
                        policy.Methods.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries).ToList().ForEach(x => _policy.Methods.Add(x.Trim()));
                    }

                    if (policy.Origins == "*")
                    {
                        _policy.AllowAnyOrigin = true;
                    }
                    else
                    {
                        policy.Origins.Split(new [] {";"}, StringSplitOptions.RemoveEmptyEntries).ToList().ForEach(x => _policy.Origins.Add(x.Trim()));
                    }

                    if (policy.ExposedHeaders != null)
                    {
                        policy.ExposedHeaders.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries).ToList().ForEach(x => _policy.ExposedHeaders.Add(x.Trim()));
                    }
                }
            }
        }
        public ConfigurableCorsPolicyAttribute(string name, CorsSection corsSection)
        {
            _policy = new CorsPolicy();

            if (corsSection != null)
            {
                var policy = corsSection.CorsPolicies.Cast<CorsElement>().FirstOrDefault(x => x.Name == name);
                if (policy != null)
                {
                    if (policy.Headers == "*")
                    {
                        _policy.AllowAnyHeader = true;
                    }
                    else
                    {
                        policy.Headers.Split(';').ToList().ForEach(x => _policy.Headers.Add(x));
                    }

                    if (policy.Methods == "*")
                    {
                        _policy.AllowAnyMethod = true;
                    }
                    else
                    {
                        policy.Methods.Split(';').ToList().ForEach(x => _policy.Methods.Add(x));
                    }

                    if (policy.Origins == "*")
                    {
                        _policy.AllowAnyOrigin = true;
                    }
                    else
                    {
                        policy.Origins.Split(';').ToList().ForEach(x => _policy.Origins.Add(x));
                    }
                }
            }
        }
        public void Ctor_CanSetAllAllowSettings_ToStar()
        {
            var elements = new CorsElementCollection();
            var fooElement = new CorsElement
            {
                Name = "foo",
                Headers = "*",
                Methods = "*",
                Origins = "*"
            };
            elements.Add(fooElement);

            var corsSection = new CorsSection
            {
                CorsPolicies = elements
            };

            var attr = new ConfigurableCorsPolicyAttribute("foo", corsSection);

            var policy = attr.GetCorsPolicyAsync(new HttpRequestMessage(), default(CancellationToken)).Result;
            policy.AllowAnyMethod.ShouldEqual(true);
            policy.AllowAnyHeader.ShouldEqual(true);
            policy.AllowAnyOrigin.ShouldEqual(true);
        }
        public void Ctor_TrimsUnnecessaryWhitespaceAroundEsposedHeaders()
        {
            var elements = new CorsElementCollection();
            var fooElement = new CorsElement
            {
                Name = "foo",
                Headers = "*",
                Methods = "*",
                Origins = "*",
                ExposedHeaders = "\r\n    X-Api-Rate;\r\n    Foo"
            };
            elements.Add(fooElement);

            var corsSection = new CorsSection
            {
                CorsPolicies = elements
            };

            var attr = new ConfigurableCorsPolicyAttribute("foo", corsSection);
            var policy = attr.GetCorsPolicyAsync(new HttpRequestMessage(), default(CancellationToken)).Result;

            policy.ExposedHeaders.Count.ShouldEqual(2);
            policy.ExposedHeaders[0].ShouldEqual("X-Api-Rate");
            policy.ExposedHeaders[1].ShouldEqual("Foo");
        }