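/// <summary>
/// Copies the CORS headers produced by <paramref name="result"/> onto the response.
/// </summary>
/// <param name="response">The <see cref="HttpResponseMessage"/> that receives the headers.</param>
/// <param name="result">The evaluated <see cref="CorsResult"/>.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="response"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public static void AddCorsHeaders(this HttpResponseMessage response, CorsResult result)
{
    // Fail with a named argument instead of a NullReferenceException deep in the loop.
    if (response == null)
    {
        throw new System.ArgumentNullException("response");
    }

    if (result == null)
    {
        throw new System.ArgumentNullException("result");
    }

    var corsHeaders = result.ToResponseHeaders();
    if (corsHeaders == null)
    {
        // Defensive: a null dictionary is treated as "no CORS headers to emit".
        return;
    }

    foreach (var item in corsHeaders)
    {
        // TryAddWithoutValidation does not validate the value and its bool result is
        // ignored here, so ToResponseHeaders() must only produce values that are safe
        // to emit (the allowed origin may be the reflected request Origin).
        response.Headers.TryAddWithoutValidation(item.Key, item.Value);
    }
}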
/// <summary>
/// Checks the requested method against the <see cref="CorsPolicy"/> and records the outcome.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the requested method.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed method or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateMethod(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var requestedMethod = requestContext.AccessControlRequestMethod;

    // NOTE(review): whether the match is case-sensitive depends on the Methods
    // collection, which is not visible here.
    bool permitted = policy.AllowAnyMethod || policy.Methods.Contains(requestedMethod);

    if (!permitted)
    {
        // The message embeds the requested method; presumably request-supplied, so
        // treat it as untrusted text if it is logged or returned.
        result.ErrorMessages.Add(String.Format(
            CultureInfo.CurrentCulture,
            SRResources.MethodNotAllowed,
            requestedMethod));
        return result.IsValid;
    }

    result.AllowedMethods.Add(requestedMethod);
    return result.IsValid;
}
/// <summary>
/// Validates the request origin, accepting any origin for which
/// <c>UrlExtensions.IsSubdomainOf</c> returns <c>true</c> against a configured policy origin.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the Origin.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed origin or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public override bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException(nameof(requestContext));
    }

    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    if (result == null)
    {
        throw new ArgumentNullException(nameof(result));
    }

    var origin = requestContext.Origin;

    if (origin == null)
    {
        result.ErrorMessages.Add("No origin header present");
    }
    else if (policy.AllowAnyOrigin)
    {
        // With credentials enabled the caller's Origin is echoed back, so every
        // origin may make credentialed requests; policies should avoid combining
        // AllowAnyOrigin with SupportsCredentials.
        result.AllowedOrigin = policy.SupportsCredentials ? origin : CorsConstants.AnyOrigin;
    }
    else if (policy.Origins.Any(allowed => UrlExtensions.IsSubdomainOf(origin, allowed)))
    {
        // NOTE(review): the allow decision rests entirely on UrlExtensions.IsSubdomainOf,
        // which is not visible here. Confirm it compares scheme and host on a label
        // boundary rather than by plain string suffix.
        result.AllowedOrigin = origin;
    }
    else
    {
        result.ErrorMessages.Add($"Origin {origin} not allowed");
    }

    return result.IsValid;
}
/// <summary>
/// Evaluates a CORS request against a policy: origin first, then (for preflight)
/// method and headers, otherwise the exposed headers.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext" />.</param>
/// <param name="policy">The <see cref="CorsPolicy" />.</param>
/// <returns>
/// A new <see cref="CorsResult" />; it is returned as soon as one validation step fails.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/> or <paramref name="policy"/> is <c>null</c>.
/// </exception>
public virtual CorsResult EvaluatePolicy(
    CorsRequestContext requestContext,
    CorsPolicy policy
)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    var outcome = new CorsResult();

    // Origin is the gate: nothing else is copied from the policy unless it passes.
    if (!TryValidateOrigin(requestContext, policy, outcome))
    {
        return outcome;
    }

    outcome.SupportsCredentials = policy.SupportsCredentials;

    if (!requestContext.IsPreflight)
    {
        AddHeaderValues(outcome.AllowedExposedHeaders, policy.ExposedHeaders);
        return outcome;
    }

    // Preflight: the max age is set only when both method and headers validate;
    // header validation is skipped when the method check fails.
    if (TryValidateMethod(requestContext, policy, outcome)
        && TryValidateHeaders(requestContext, policy, outcome))
    {
        outcome.PreflightMaxAge = policy.PreflightMaxAge;
    }

    return outcome;
}
/// <summary>
/// Adds the headers produced by <paramref name="corsResult"/> to the response.
/// </summary>
/// <param name="response">The <see cref="HttpResponseMessage"/> that receives the headers.</param>
/// <param name="corsResult">The evaluated <see cref="CorsResult"/>.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="response"/> or <paramref name="corsResult"/> is <c>null</c>.
/// </exception>
public static void WriteCorsHeaders(this HttpResponseMessage response, CorsResult corsResult)
{
    if (response == null)
    {
        throw new ArgumentNullException("response");
    }

    if (corsResult == null)
    {
        throw new ArgumentNullException("corsResult");
    }

    var headerMap = corsResult.ToResponseHeaders();
    if (headerMap == null)
    {
        return;
    }

    foreach (var pair in headerMap)
    {
        // The value is added without validation and the bool result is ignored,
        // so a header that could not be added is dropped silently.
        response.Headers.TryAddWithoutValidation(pair.Key, pair.Value);
    }
}
/// <summary>
/// Runs the CORS checks for a request: origin, then method and headers for a
/// preflight, or exposed headers for an actual request.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext" />.</param>
/// <param name="policy">The <see cref="CorsPolicy" />.</param>
/// <returns>
/// A new <see cref="CorsResult" /> describing the outcome.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/> or <paramref name="policy"/> is <c>null</c>.
/// </exception>
public virtual CorsResult EvaluatePolicy(CorsRequestContext requestContext, CorsPolicy policy)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    var evaluation = new CorsResult();

    bool originAccepted = TryValidateOrigin(requestContext, policy, evaluation);
    if (originAccepted)
    {
        // Credentials support is copied from the policy only after the origin passes.
        evaluation.SupportsCredentials = policy.SupportsCredentials;

        if (requestContext.IsPreflight)
        {
            // Short-circuit: headers are not validated when the method is rejected.
            if (TryValidateMethod(requestContext, policy, evaluation)
                && TryValidateHeaders(requestContext, policy, evaluation))
            {
                evaluation.PreflightMaxAge = policy.PreflightMaxAge;
            }
        }
        else
        {
            AddHeaderValues(evaluation.AllowedExposedHeaders, policy.ExposedHeaders);
        }
    }

    return evaluation;
}
/// <summary>
/// Validates the requested method against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the requested method.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed method or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateMethod(
    CorsRequestContext requestContext,
    CorsPolicy policy,
    CorsResult result
)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var method = requestContext.AccessControlRequestMethod;

    // AllowAnyMethod bypasses the list entirely; otherwise the method must be
    // present in policy.Methods (match semantics depend on that collection).
    if (policy.AllowAnyMethod || policy.Methods.Contains(method))
    {
        result.AllowedMethods.Add(method);
    }
    else
    {
        var message = String.Format(
            CultureInfo.CurrentCulture,
            SRResources.MethodNotAllowed,
            method);
        result.ErrorMessages.Add(message);
    }

    return result.IsValid;
}
/// <summary>
/// Validates the requested headers against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the requested headers.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed headers or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateHeaders(
    CorsRequestContext requestContext,
    CorsPolicy policy,
    CorsResult result
)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var requestedHeaders = requestContext.AccessControlRequestHeaders;

    // Rejected only when the policy is restrictive AND some requested header is
    // outside policy.Headers (comparison rules depend on the set, not shown here).
    if (!policy.AllowAnyHeader && !requestedHeaders.IsSubsetOf(policy.Headers))
    {
        result.ErrorMessages.Add(String.Format(
            CultureInfo.CurrentCulture,
            SRResources.HeadersNotAllowed,
            String.Join(",", requestedHeaders)));
        return result.IsValid;
    }

    // With AllowAnyHeader the requested header names are passed on as-is.
    AddHeaderValues(result.AllowedHeaders, requestedHeaders);
    return result.IsValid;
}
/// <summary>
/// Evaluates the request against the policy using the CORS engine obtained from
/// the HTTP configuration.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/>.</param>
/// <param name="corsPolicy">The <see cref="CorsPolicy"/>.</param>
/// <param name="corsResult">Receives whatever the engine returned, which may be <c>null</c>.</param>
/// <returns><c>true</c> only when the engine returned a non-null result whose <c>IsValid</c> is <c>true</c>.</returns>
private bool TryEvaluateCorsPolicy(CorsRequestContext requestContext, CorsPolicy corsPolicy, out CorsResult corsResult)
{
    corsResult = _httpConfiguration.GetCorsEngine().EvaluatePolicy(requestContext, corsPolicy);

    // A missing result counts as a failed evaluation, so a null never allows the request.
    if (corsResult == null)
    {
        return false;
    }

    return corsResult.IsValid;
}
/// <summary>
/// Validates the request origin against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the Origin.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed origin or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var origin = requestContext.Origin;

    if (origin == null)
    {
        result.ErrorMessages.Add(SRResources.NoOriginHeader);
    }
    else if (policy.AllowAnyOrigin)
    {
        // AllowAnyOrigin + SupportsCredentials reflects the caller's Origin, which
        // lets every origin make credentialed requests; avoid that combination.
        // NOTE(review): a reflected origin makes the response origin-dependent;
        // confirm a "Vary: Origin" header is emitted for cacheable responses.
        result.AllowedOrigin = policy.SupportsCredentials ? origin : CorsConstants.AnyOrigin;
    }
    else if (policy.Origins.Contains(origin))
    {
        // Match semantics (case, trailing slash) depend on the Origins collection,
        // which is not visible here.
        result.AllowedOrigin = origin;
    }
    else
    {
        result.ErrorMessages.Add(String.Format(
            CultureInfo.CurrentCulture,
            SRResources.OriginNotAllowed,
            origin));
    }

    return result.IsValid;
}
/// <summary>
/// Checks that every requested header is permitted by the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the requested headers.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed headers or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateHeaders(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var requested = requestContext.AccessControlRequestHeaders;
    bool accepted = policy.AllowAnyHeader || requested.IsSubsetOf(policy.Headers);

    if (accepted)
    {
        // The requested header names themselves are recorded as allowed.
        AddHeaderValues(result.AllowedHeaders, requested);
    }
    else
    {
        // The message lists the requested header names; treat it as untrusted
        // text if it is logged or returned to the client.
        var message = String.Format(
            CultureInfo.CurrentCulture,
            SRResources.HeadersNotAllowed,
            String.Join(",", requested));
        result.ErrorMessages.Add(message);
    }

    return result.IsValid;
}
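/// <summary>
/// Validates the request origin against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the Origin.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed origin or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    if (requestContext.Origin == null)
    {
        result.ErrorMessages.Add("The request does not contain the Origin header.");
        return result.IsValid;
    }

    if (policy.AllowAnyOrigin)
    {
        // With credentials enabled the caller's Origin is echoed back, so every
        // origin may make credentialed requests; policies should avoid combining
        // AllowAnyOrigin with SupportsCredentials.
        result.AllowedOrigin = policy.SupportsCredentials
            ? requestContext.Origin
            : CorsConstants.AnyOrigin;
    }
    else if (policy.Origins.Contains(requestContext.Origin))
    {
        // Match semantics depend on the Origins collection, which is not visible here.
        result.AllowedOrigin = requestContext.Origin;
    }
    else
    {
        // Message text only: the "OriginNotAllowed=" resource-key prefix is not
        // part of the message and is therefore not included in the format string.
        result.ErrorMessages.Add(string.Format(
            CultureInfo.CurrentCulture,
            "The origin '{0}' is not allowed.",
            requestContext.Origin));
    }

    return result.IsValid;
}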
/// <summary>
/// Validates the requested headers against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the requested headers.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed headers or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateHeaders(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var requestedHeaders = requestContext.AccessControlRequestHeaders;

    // Restrictive policy and at least one header outside policy.Headers: reject.
    if (!policy.AllowAnyHeader && !requestedHeaders.IsSubsetOf(policy.Headers))
    {
        var joined = string.Join(",", requestedHeaders);
        result.ErrorMessages.Add(string.Format(
            CultureInfo.CurrentCulture,
            "The collection of headers '{0}' is not allowed.",
            joined));
        return result.IsValid;
    }

    // With AllowAnyHeader the requested header names are passed on as-is.
    AddHeaderValues(result.AllowedHeaders, requestedHeaders);
    return result.IsValid;
}
/// <summary>
/// Appends the headers produced by <paramref name="result"/> to the response of
/// the token-validation context.
/// </summary>
/// <param name="result">The evaluated <see cref="CorsResult"/>.</param>
/// <param name="context">The context whose response receives the headers.</param>
private void WriteCorsHeaders(CorsResult result, OAuthValidateTokenRequestContext context)
{
    var corsHeaders = result.ToResponseHeaders();
    if (corsHeaders == null)
    {
        return;
    }

    foreach (var pair in corsHeaders)
    {
        // NOTE(review): Append presumably adds to a header that is already present
        // rather than replacing it. Confirm no earlier component has written
        // Access-Control-Allow-Origin, since a duplicated value is not a valid
        // single-origin response.
        context.Response.Headers.Append(pair.Key, pair.Value);
    }
}
/// <summary>
/// Evaluates the request against the policy with the configured CORS engine.
/// </summary>
/// <param name="policy">The <see cref="CorsPolicy"/>.</param>
/// <param name="corsRequestContext">The <see cref="CorsRequestContext"/>.</param>
/// <param name="result">Receives whatever the engine returned, which may be <c>null</c>.</param>
/// <returns><c>true</c> only when the engine returned a non-null result whose <c>IsValid</c> is <c>true</c>.</returns>
private bool TryEvaluateCorsPolicy(CorsPolicy policy, CorsRequestContext corsRequestContext, out CorsResult result)
{
    // Note the argument order: the engine takes the request context first.
    result = _corsEngine.EvaluatePolicy(corsRequestContext, policy);

    // A missing result counts as a failed evaluation, so a null never allows the request.
    if (result == null)
    {
        return false;
    }

    return result.IsValid;
}
/// <summary>
/// Sets the headers produced by <paramref name="result"/> on the OWIN response.
/// </summary>
/// <param name="context">The <see cref="IOwinContext"/> whose response receives the headers.</param>
/// <param name="result">The evaluated <see cref="CorsResult"/>.</param>
private static void WriteCorsHeaders(IOwinContext context, CorsResult result)
{
    var headerMap = result.ToResponseHeaders();
    if (headerMap == null)
    {
        return;
    }

    foreach (var entry in headerMap)
    {
        // Set is used per header, so each CORS header is written as a single value
        // (presumably replacing anything already present under that name).
        context.Response.Headers.Set(entry.Key, entry.Value);
    }
}
/// <summary>
/// Validates the request origin against the <see cref="CorsPolicy"/>.
/// </summary>
/// <param name="requestContext">The <see cref="CorsRequestContext"/> carrying the Origin.</param>
/// <param name="policy">The <see cref="CorsPolicy"/> to check against.</param>
/// <param name="result">The <see cref="CorsResult"/> that receives the allowed origin or an error message.</param>
/// <returns>The value of <c>result.IsValid</c> after the check.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="requestContext"/>, <paramref name="policy"/> or <paramref name="result"/> is <c>null</c>.
/// </exception>
public virtual bool TryValidateOrigin(CorsRequestContext requestContext, CorsPolicy policy, CorsResult result)
{
    if (requestContext == null)
    {
        throw new ArgumentNullException("requestContext");
    }

    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    var requestOrigin = requestContext.Origin;

    // No Origin header: record the error and stop.
    if (requestOrigin == null)
    {
        result.ErrorMessages.Add(SRResources.NoOriginHeader);
        return result.IsValid;
    }

    if (policy.AllowAnyOrigin)
    {
        // The wildcard is used only without credentials; with credentials the
        // request Origin is reflected, which effectively trusts every origin
        // for credentialed requests.
        if (policy.SupportsCredentials)
        {
            result.AllowedOrigin = requestOrigin;
        }
        else
        {
            result.AllowedOrigin = CorsConstants.AnyOrigin;
        }

        return result.IsValid;
    }

    if (policy.Origins.Contains(requestOrigin))
    {
        result.AllowedOrigin = requestOrigin;
        return result.IsValid;
    }

    // The message embeds the request-supplied origin; treat it as untrusted text
    // if it is logged or returned.
    result.ErrorMessages.Add(String.Format(
        CultureInfo.CurrentCulture,
        SRResources.OriginNotAllowed,
        requestOrigin));
    return result.IsValid;
}