// --------------------------------------------------------------- Handlers
/// <summary>
/// Handles a CORS request of type
/// <see cref="CORSRequestType"/>
/// .SIMPLE.
/// </summary>
/// <param name="request">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletRequest"/>
/// object.
/// </param>
/// <param name="response">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletResponse"/>
/// object.
/// </param>
/// <param name="filterChain">
/// The
/// <see cref="Javax.Servlet.IFilterChain"/>
/// object.
/// </param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
/// <seealso><a href="http://www.w3.org/TR/cors/#resource-requests">Simple
/// * Cross-Origin Request, Actual Request, and Redirects</a></seealso>
public void HandleSimpleCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain)
{
CORSFilter.CORSRequestType requestType = CheckRequestType(request);
if (!(requestType == CORSFilter.CORSRequestType.Simple || requestType == CORSFilter.CORSRequestType.Actual))
{
string message = "Expects a HttpServletRequest object of type " + CORSFilter.CORSRequestType.Simple + " or " + CORSFilter.CORSRequestType.Actual;
throw new ArgumentException(message);
}
string origin = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderOrigin);
string method = request.GetMethod();
// Section 6.1.2
if (!IsOriginAllowed(origin))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
if (!allowedHttpMethods.Contains(method))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
// Section 6.1.3
// Add a single Access-Control-Allow-Origin header.
if (anyOriginAllowed && !supportsCredentials)
{
// If resource doesn't support credentials and if any origin is
// allowed
// to make CORS request, return header with '*'.
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, "*");
}
else
{
// If the resource supports credentials add a single
// Access-Control-Allow-Origin header, with the value of the Origin
// header as value.
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, origin);
}
// Section 6.1.3
// If the resource supports credentials, add a single
// Access-Control-Allow-Credentials header with the case-sensitive
// string "true" as value.
if (supportsCredentials)
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowCredentials, "true");
}
// Section 6.1.4
// If the list of exposed headers is not empty add one or more
// Access-Control-Expose-Headers headers, with as values the header
// field names given in the list of exposed headers.
if ((exposedHeaders != null) && (exposedHeaders.Count > 0))
{
string exposedHeadersString = Join(exposedHeaders, ",");
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlExposeHeaders, exposedHeadersString);
}
// Forward the request down the filter chain.
filterChain.DoFilter(request, response);
}
public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
{
if (isAuthenticating)
{
message.Headers.Authorization = this.CreateAuthHeader();
}
return(await chain.DoFilter(message));
}
/// <summary>
/// Uses AsyncLocal to retrieve the correlationId. Not needed if we decide to use the IFilterChain to pass correlationId.
/// </summary>
/// <param name="message"></param>
/// <param name="chain"></param>
/// <returns></returns>
public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
{
// add header
Guid correlationId = AsyncCorrelation.RetrieveCorrelationId();
// empty correlationId will be ignored.
if (Guid.Empty != correlationId)
{
message.Headers.Add(CorrelationIdHttpHeaderName, correlationId.ToString("N"));
}
return(await chain.DoFilter(message));
}
public Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
{
if (message == null)
{
throw new ArgumentException("message cannot be null");
}
// empty correlationId will be ignored.
if (Guid.Empty != chain.CorrelationId)
{
message.Headers.Add(XCorrelationIdHeader, chain.CorrelationId.ToString("N"));
}
return(chain.DoFilter(message));
}
// Do not forward the request down the filter chain.
/// <summary>Handles a request, that's not a CORS request, but is a valid request i.e.</summary>
/// <remarks>
/// Handles a request, that's not a CORS request, but is a valid request i.e.
/// it is not a cross-origin request. This implementation, just forwards the
/// request down the filter chain.
/// </remarks>
/// <param name="request">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletRequest"/>
/// object.
/// </param>
/// <param name="response">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletResponse"/>
/// object.
/// </param>
/// <param name="filterChain">
/// The
/// <see cref="Javax.Servlet.IFilterChain"/>
/// object.
/// </param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public void HandleNonCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain)
{
// Let request pass.
filterChain.DoFilter(request, response);
}
public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain)
{
message.Headers.Add("User-Agent", userAgent);
return(await chain.DoFilter(message));
}
