public void GetCorsEngine_ReturnsDefaultCorsEngine()
{
HttpConfiguration config = new HttpConfiguration();
ICorsEngine corsEngine = config.GetCorsEngine();
Assert.IsType(typeof(CorsEngine), corsEngine);
}
private bool TryEvaluateCorsPolicy(CorsRequestContext requestContext, CorsPolicy corsPolicy, out CorsResult corsResult)
{
ICorsEngine engine = _httpConfiguration.GetCorsEngine();
corsResult = engine.EvaluatePolicy(requestContext, corsPolicy);
return(corsResult != null && corsResult.IsValid);
}
private static void AddCorsMessageHandler(this HttpConfiguration httpConfiguration)
{
object corsEnabled;
if (!httpConfiguration.Properties.TryGetValue(CorsEnabledKey, out corsEnabled))
{
Action <HttpConfiguration> defaultInitializer = httpConfiguration.Initializer;
httpConfiguration.Initializer = config =>
{
if (!config.Properties.TryGetValue(CorsEnabledKey, out corsEnabled))
{
// Execute this in the Initializer to ensure that the CorsMessageHandler is added last.
config.MessageHandlers.Add(new CorsMessageHandler(config));
ITraceWriter traceWriter = config.Services.GetTraceWriter();
if (traceWriter != null)
{
ICorsPolicyProviderFactory factory = config.GetCorsPolicyProviderFactory();
config.SetCorsPolicyProviderFactory(new CorsPolicyProviderFactoryTracer(factory, traceWriter));
ICorsEngine corsEngine = config.GetCorsEngine();
config.SetCorsEngine(new CorsEngineTracer(corsEngine, traceWriter));
}
config.Properties[CorsEnabledKey] = true;
}
defaultInitializer(config);
};
}
}
public CorsEngineTracer(ICorsEngine corsEngine, ITraceWriter traceWriter)
{
Contract.Assert(corsEngine != null);
Contract.Assert(traceWriter != null);
_innerCorsEngine = corsEngine;
_traceWriter = traceWriter;
}
public CorsEngineTracer(ICorsEngine corsEngine, ITraceWriter traceWriter)
{
Contract.Assert(corsEngine != null);
Contract.Assert(traceWriter != null);
_innerCorsEngine = corsEngine;
_traceWriter = traceWriter;
}
public void GetCorsEngine_ReturnsTheCustomCorsEngine()
{
ICorsEngine mockEngine = new Mock <ICorsEngine>().Object;
HttpConfiguration config = new HttpConfiguration();
config.SetCorsEngine(mockEngine);
ICorsEngine corsEngine = config.GetCorsEngine();
Assert.Same(mockEngine, corsEngine);
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(OwinMiddleware next, CorsOptions options)
: base(next)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Sets the <see cref="ICorsEngine"/> on the <see cref="HttpConfiguration"/>.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="corsEngine">The <see cref="ICorsEngine"/>.</param>
/// <exception cref="System.ArgumentNullException">
/// httpConfiguration
/// or
/// corsEngine
/// </exception>
public static void SetCorsEngine(this HttpConfiguration httpConfiguration, ICorsEngine corsEngine)
{
if (httpConfiguration == null)
{
throw new ArgumentNullException("httpConfiguration");
}
if (corsEngine == null)
{
throw new ArgumentNullException("corsEngine");
}
httpConfiguration.Properties[CorsEngineKey] = corsEngine;
}
public CorsBehavior(IBehaviorChain behaviorChain,
ICorsEngine corsEngine, CorsConfiguration corsConfiguration,
ActionDescriptor actionDescriptor, HttpRequestMessage requestMessage,
IEnumerable <ICorsPolicySource> policySources, Configuration configuration,
HttpConfiguration httpConfiguration) : base(behaviorChain)
{
_configuration = configuration;
_httpConfiguration = httpConfiguration;
_corsEngine = corsEngine;
_corsConfiguration = corsConfiguration;
_actionDescriptor = actionDescriptor;
_requestMessage = requestMessage;
_policySources = policySources;
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
/// <summary>
/// Creates a new instance of CorsMiddleware.
/// </summary>
/// <param name="next"></param>
/// <param name="options"></param>
public CorsMiddleware(AppFunc next, CorsOptions options)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
_next = next;
_corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider();
_corsEngine = options.CorsEngine ?? new CorsEngine();
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
//根据当前请求创建CorsRequestContext
CorsRequestContext context = request.CreateCorsRequestContext();
//针对非预检请求:将请求传递给消息处理管道后续部分继续处理,并得到响应
HttpResponseMessage response = null;
if (!context.IsPreflight)
{
response = await base.SendAsync(request, cancellationToken);
}
//利用注册的CorsPolicyProviderFactory得到对应的CorsPolicyProvider
//借助于CorsPolicyProvider得到表示CORS资源授权策略的CorsPolicy
HttpConfiguration configuration = request.GetConfiguration();
CorsPolicy policy = await configuration.GetCorsPolicyProviderFactory().GetCorsPolicyProvider(request).GetCorsPolicyAsync(request, cancellationToken);
//获取注册的CorsEngine
//利用CorsEngine对请求实施CORS资源授权检验,并得到表示检验结果的CorsResult对象
ICorsEngine engine = configuration.GetCorsEngine();
CorsResult result = engine.EvaluatePolicy(context, policy);
//针对预检请求
//如果请求通过授权检验,返回一个状态为“200, OK”的响应并添加CORS报头
//如果授权检验失败,返回一个状态为“400, Bad Request”的响应并指定授权失败原因
if (context.IsPreflight)
{
if (result.IsValid)
{
response = new HttpResponseMessage(HttpStatusCode.OK);
response.AddCorsHeaders(result);
}
else
{
response = request.CreateErrorResponse(HttpStatusCode.BadRequest, string.Join(" |", result.ErrorMessages.ToArray()));
}
}
//针对非预检请求
//CORS报头只有在通过授权检验情况下才会被添加到响应报头集合中
else if (result.IsValid)
{
response.AddCorsHeaders(result);
}
return(response);
}
public void Setup()
{
_configuration = new Configuration();
_corsEngine = new CorsEngine();
_corsConfiguration = new CorsConfiguration();
_actionDescriptor = new ActionDescriptor(ActionMethod.From <Handler>(x => x.Get()),
null, null, null, null, null, null, null, new TypeCache());
_innerResponse = new HttpResponseMessage();
_behaviorChain = Substitute.For <IBehaviorChain>();
_behaviorChain.InvokeNext().Returns(_innerResponse);
_requestMessage = new HttpRequestMessage();
_requestMessage.Headers.Host = "yourmom.com";
_requestMessage.Properties.Add(HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration());
_policySources = new List <ICorsPolicySource>();
_behavior = new CorsBehavior(_behaviorChain, _corsEngine, _corsConfiguration,
_actionDescriptor, _requestMessage, _policySources, _configuration, null);
}
public DomainLockedApiKeyFilter(IMinistryPlatformRestRepository ministryPlatformRestRepository, ICorsEngine corsEngine, IApiUserRepository apiUserRepository)
{
_apiKeys = ministryPlatformRestRepository.UsingAuthenticationToken(apiUserRepository.GetToken()).Search <DomainLockedApiKey>();
_corsEngine = corsEngine;
}
/// <summary>
/// Sets the <see cref="ICorsEngine"/> on the <see cref="HttpConfiguration"/>.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="corsEngine">The <see cref="ICorsEngine"/>.</param>
/// <exception cref="System.ArgumentNullException">
/// httpConfiguration
/// or
/// corsEngine
/// </exception>
public static void SetCorsEngine(this HttpConfiguration httpConfiguration, ICorsEngine corsEngine)
{
if (httpConfiguration == null)
{
throw new ArgumentNullException("httpConfiguration");
}
if (corsEngine == null)
{
throw new ArgumentNullException("corsEngine");
}
httpConfiguration.Properties[CorsEngineKey] = corsEngine;
}
