Exemple #1
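        /// <summary>
        /// Evaluates the CORS policy for the current request when <c>HasOrigin</c> reports true,
        /// applies the evaluation result to the response, and answers preflight requests directly.
        /// </summary>
        /// <remarks>
        /// The policy is resolved in this order: the instance policy, the policy registered under
        /// the configured name, then the default policy. A preflight request (the preflight HTTP
        /// method together with a non-empty Access-Control-Request-Method header) is short-circuited
        /// by assigning <see cref="ActionExecutingContext.Result"/>. Returning from this method
        /// without a result does not stop MVC from invoking the action, so a preflight would
        /// otherwise still run the action and whatever side effects it has.
        /// </remarks>
        /// <param name="filterContext">Context of the action that is about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (HasOrigin(filterContext))
            {
                var corsPolicy = _policy ?? InternalCorsPolicyManager.GetPolicy(_policyName) ?? InternalCorsPolicyManager.GetDefaultPolicy();
                var context    = filterContext.RequestContext.HttpContext;

                // "!A || (A && B)" is the same as "!A || B"; the rule lookup therefore runs once.
                if (corsPolicy != null &&
                    (!CorsCoreHelper.DoesPolicyContainsMatchingRule(corsPolicy) ||
                     CorsCoreHelper.IsMatchedIgnoreRule(context, corsPolicy)))
                {
                    var corsResult = CorsCoreHelper.EvaluatePolicy(context, corsPolicy);
                    CorsCoreHelper.ApplyResult(corsResult, context.Response);

                    var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
                    if (string.Equals(context.Request.HttpMethod, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) &&
                        !string.IsNullOrEmpty(accessControlRequestMethod))
                    {
                        // A preflight is only a permission probe. Assigning Result is what keeps
                        // the action (and later action filters) from running for it.
                        var noContent = new HttpStatusCodeResult(HttpStatusCode.NoContent);
                        context.Response.StatusCode = noContent.StatusCode;
                        filterContext.Result = noContent;
                        return;
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }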
Exemple #2
        /// <summary>
        /// Evaluates <paramref name="policy"/> against the request in <paramref name="context"/>
        /// and applies the result to the response; a preflight request additionally gets a
        /// 204 No Content status.
        /// </summary>
        /// <param name="context">The Nancy context of the current request.</param>
        /// <param name="policy">The CORS policy to evaluate; when null nothing is done.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public static void WithCors(this NancyContext context, CorsPolicy policy)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            // No policy, or HasOrigin(context) is false: leave the response untouched.
            if (policy == null || !HasOrigin(context))
            {
                return;
            }

            // The policy is evaluated when it holds no matching rule, or when it does and the
            // request matches the ignore rule.
            var shouldEvaluate =
                !CorsCoreHelper.DoesPolicyContainsMatchingRule(policy) ||
                (CorsCoreHelper.DoesPolicyContainsMatchingRule(policy) && CorsCoreHelper.IsMatchedIgnoreRule(context, policy));
            if (!shouldEvaluate)
            {
                return;
            }

            var evaluation = CorsCoreHelper.EvaluatePolicy(context, policy);
            CorsCoreHelper.ApplyResult(evaluation, context.Response);

            // Preflight = preflight HTTP method plus a non-empty Access-Control-Request-Method header.
            // Only the status code is changed here; this method does not itself stop further
            // processing of the request.
            var requestedMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod]?.FirstOrDefault();
            var usesPreflightVerb = string.Equals(
                context.Request.Method,
                CorsConstants.PreflightHttpMethod,
                StringComparison.OrdinalIgnoreCase);

            if (usesPreflightVerb && !string.IsNullOrEmpty(requestedMethod))
            {
                context.Response.StatusCode = HttpStatusCode.NoContent;
            }
        }
        /// <summary>
        /// Enables CORS globally: builds the CORS options, initialises the CORS core with them and,
        /// when global CORS is enabled, registers a <c>CorsAttribute</c> for the global policy name.
        /// </summary>
        /// <param name="filters">The global filter collection to register the filter in.</param>
        /// <param name="optionsAction">
        /// Optional callback that configures the options. When it is null the freshly constructed
        /// <c>CorsOptions</c> are used unchanged.
        /// </param>
        /// <returns>The same <paramref name="filters"/> instance, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="filters"/> is null.</exception>
        public static GlobalFilterCollection AddCorsFilter(this GlobalFilterCollection filters, Action <CorsOptions> optionsAction)
        {
            if (filters == null)
            {
                throw new ArgumentNullException(nameof(filters));
            }

            var corsOptions = new CorsOptions();
            if (optionsAction != null)
            {
                optionsAction(corsOptions);
            }

            CorsCoreHelper.Init(corsOptions);

            // The global filter is added only when the policy manager reports global CORS as enabled.
            if (!Internal.InternalCorsPolicyManager.EnableGlobalCors)
            {
                return filters;
            }

            var globalFilter = new CorsAttribute(Internal.InternalCorsPolicyManager.GlobalCorsPolicyName);
            filters.Add(globalFilter);
            return filters;
        }
Exemple #4
        /// <summary>
        /// Enables the CORS module: builds the CORS options, hands them to the policy manager and
        /// appends an after-request hook that applies the global (or default) policy.
        /// </summary>
        /// <param name="pipelines">The Nancy pipelines to hook into.</param>
        /// <param name="optionsAction">
        /// Optional callback that configures the options. When it is null the freshly constructed
        /// <c>CorsOptions</c> are used unchanged.
        /// </param>
        /// <returns>The same <paramref name="pipelines"/> instance, so calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="pipelines"/> is null.</exception>
        public static IPipelines UseCors(this IPipelines pipelines, Action <CorsOptions> optionsAction)
        {
            if (pipelines == null)
            {
                throw new ArgumentNullException(nameof(pipelines));
            }

            var corsOptions = new CorsOptions();
            if (optionsAction != null)
            {
                optionsAction(corsOptions);
            }

            InternalCorsPolicyManager.SetPolicyMap(corsOptions);

            pipelines.AfterRequest.AddItemToEndOfPipeline(ctx =>
            {
                // NOTE(review): the Origin guard is disabled here, so the policy is evaluated for
                // every request once global CORS is on. Confirm that EvaluatePolicy copes with
                // requests that carry no Origin header.
                if (!InternalCorsPolicyManager.EnableGlobalCors /*|| !HasOrigin(ctx)*/)
                {
                    return;
                }

                var globalPolicy =
                    InternalCorsPolicyManager.GetPolicy(InternalCorsPolicyManager.GlobalCorsPolicyName) ??
                    InternalCorsPolicyManager.GetDefaultPolicy();
                if (globalPolicy == null)
                {
                    return;
                }

                // The policy is evaluated when it holds no matching rule, or when it does and the
                // request matches the ignore rule.
                var shouldEvaluate =
                    !CorsCoreHelper.DoesPolicyContainsMatchingRule(globalPolicy) ||
                    (CorsCoreHelper.DoesPolicyContainsMatchingRule(globalPolicy) && CorsCoreHelper.IsMatchedIgnoreRule(ctx, globalPolicy));
                if (!shouldEvaluate)
                {
                    return;
                }

                var evaluation = CorsCoreHelper.EvaluatePolicy(ctx, globalPolicy);
                CorsCoreHelper.ApplyResult(evaluation, ctx.Response);

                // Preflight = preflight HTTP method plus a non-empty Access-Control-Request-Method header.
                // This is an after-request hook, so it only rewrites the status code; presumably the
                // request has already been processed by this point (confirm against the pipeline order).
                var requestedMethod = ctx.Request.Headers[CorsConstants.AccessControlRequestMethod]?.FirstOrDefault();
                var usesPreflightVerb = string.Equals(ctx.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase);

                if (usesPreflightVerb && !string.IsNullOrEmpty(requestedMethod))
                {
                    ctx.Response.StatusCode = HttpStatusCode.NoContent;
                }
            });

            return pipelines;
        }