/// <summary>
/// Builds the <see cref="GraphiteCorsPolicy"/> for an action from the CORS
/// attributes declared on it.
/// </summary>
/// <param name="action">The action whose CORS attributes are read.</param>
/// <returns>
/// A new policy. The header, method and origin lists are filled through the
/// <c>Add</c> helper; the boolean switches, preflight max age and credential
/// support are copied from <see cref="CorsAttribute"/> only when that
/// attribute is found, otherwise they keep the policy type's defaults.
/// </returns>
private static GraphiteCorsPolicy CreatePolicy(ActionMethod action)
{
    var corsPolicy = new GraphiteCorsPolicy();

    // Each call hands one policy list to the Add helper together with a
    // selector for the matching attribute's values (helper not visible here;
    // presumably it appends the selected values - confirm).
    Add<CorsExposedHeadersAttribute>(corsPolicy.ExposedHeaders, action, attribute => attribute.Headers);
    Add<CorsAllowedHeadersAttribute>(corsPolicy.Headers, action, attribute => attribute.Headers);
    Add<CorsAllowedMethodsAttribute>(corsPolicy.Methods, action, attribute => attribute.Methods);
    Add<CorsAllowedOriginsAttribute>(corsPolicy.Origins, action, attribute => attribute.Origins);

    var settings = action.GetActionOrHandlerAttribute<CorsAttribute>();
    if (settings == null)
    {
        return corsPolicy;
    }

    // Switches that let requests through even when CORS evaluation fails or
    // cannot be performed. They widen what reaches the handler, so they
    // deserve attention when reviewing an action's attributes.
    corsPolicy.AllowOptionRequestsToPassThrough = settings.AllowOptionRequestsToPassThrough;
    corsPolicy.AllowRequestsWithoutOriginHeader = settings.AllowRequestsWithoutOriginHeader;
    corsPolicy.AllowRequestsThatFailCors = settings.AllowRequestsThatFailCors;

    // Wildcard switches.
    corsPolicy.AllowAnyHeader = settings.AllowAnyHeader;
    corsPolicy.AllowAnyMethod = settings.AllowAnyMethod;
    corsPolicy.AllowAnyOrigin = settings.AllowAnyOrigin;

    corsPolicy.PreflightMaxAge = settings.PreflightMaxAge;

    // NOTE(review): AllowAnyOrigin and SupportsCredentials are copied
    // independently; nothing in this method rejects the case where both are
    // set. How that pair is answered is decided by the CORS engine, which is
    // not visible here - confirm it is either refused or intended.
    corsPolicy.SupportsCredentials = settings.SupportsCredentials;

    return corsPolicy;
}
/// <summary>
/// Produces the response for a request that did not pass CORS handling.
/// </summary>
/// <param name="corsPolicy">Policy whose pass-through switches are consulted.</param>
/// <param name="preflight">True when the failing request is a preflight request.</param>
/// <param name="message">Optional error text handed to <c>BadRequest</c>.</param>
/// <returns>
/// For a non-preflight request with <c>AllowRequestsThatFailCors</c> set: the
/// unmodified result of the rest of the behavior chain. For a preflight
/// request with <c>AllowOptionRequestsToPassThrough</c> set: the chain's
/// result passed through <c>BadRequest</c>. Otherwise a plain
/// <c>BadRequest</c> built from the message alone.
/// </returns>
private async Task<HttpResponseMessage> FailRequest(GraphiteCorsPolicy corsPolicy, bool preflight, string message = null)
{
    if (preflight)
    {
        if (corsPolicy.AllowOptionRequestsToPassThrough)
        {
            // The chain still runs for the failed preflight; its response is
            // then handed to BadRequest (helper not visible here).
            var downstream = await BehaviorChain.InvokeNext();
            return BadRequest(downstream, message);
        }
    }
    else if (corsPolicy.AllowRequestsThatFailCors)
    {
        // The handler executes even though CORS evaluation failed, so any
        // side effects of the request still happen. This method adds no CORS
        // headers to the response. CORS failure is therefore not an access
        // control here; authorization has to be enforced elsewhere.
        return await BehaviorChain.InvokeNext();
    }

    return BadRequest(message: message);
}
/// <summary>
/// Evaluates a request against the CORS policy and either fails it or
/// returns a response carrying the CORS headers from the evaluation result.
/// </summary>
/// <param name="preflight">True when the request is a preflight request.</param>
/// <param name="requestContext">CORS details of the incoming request.</param>
/// <param name="corsPolicy">Policy to evaluate the request against.</param>
/// <returns>
/// The outcome of <c>FailRequest</c> when the preflight asks for a method
/// missing from the configured supported methods, or when the engine returns
/// null or an invalid result; otherwise the response with CORS headers written.
/// </returns>
private async Task<HttpResponseMessage> HandleRequest(bool preflight, CorsRequestContext requestContext, GraphiteCorsPolicy corsPolicy)
{
    if (preflight)
    {
        // Refuse preflights for methods the configuration does not list,
        // before the policy is evaluated at all.
        // NOTE(review): whether this lookup is case-sensitive depends on the
        // type of SupportedHttpMethods, which is not visible here.
        var requestedMethod = requestContext.AccessControlRequestMethod;
        if (!_configuration.SupportedHttpMethods.Contains(requestedMethod))
        {
            return await FailRequest(corsPolicy, true);
        }
    }

    var evaluation = _corsEngine.EvaluatePolicy(requestContext, corsPolicy);
    var passed = evaluation != null && evaluation.IsValid;
    if (!passed)
    {
        // A null evaluation yields a null message; otherwise the engine's
        // error messages are joined with single spaces.
        string failureMessage = evaluation?.ErrorMessages.Join(" ");
        return await FailRequest(corsPolicy, preflight, failureMessage);
    }

    HttpResponseMessage response;
    if (preflight && !corsPolicy.AllowOptionRequestsToPassThrough)
    {
        // An ordinary preflight is answered here without invoking the rest
        // of the behavior chain.
        response = _requestMessage.CreateResponse();
    }
    else
    {
        // Actual requests, and preflights configured to pass through, run
        // the rest of the behavior chain.
        response = await BehaviorChain.InvokeNext();
    }

    response.WriteCorsHeaders(evaluation);
    return response;
}