public void HttpMethodActionConstraint_Accept_CaseInsensitive(IEnumerable <string> httpMethods, string expectedMethod)
{
// Arrange
var constraint = new CorsHttpMethodActionConstraint(new HttpMethodActionConstraint(httpMethods)) as IActionConstraint;
var context = CreateActionConstraintContext(constraint);
context.RouteContext = CreateRouteContext(expectedMethod);
// Act
var result = constraint.Accept(context);
// Assert
Assert.True(result, "Request should have been accepted.");
}
public void HttpMethodActionConstraint_RejectsOptionsRequest_WithoutAccessControlMethod()
{
// Arrange
var constraint = new CorsHttpMethodActionConstraint(new HttpMethodActionConstraint(new[] { "GET", "Post" })) as IActionConstraint;
var context = CreateActionConstraintContext(constraint);
context.RouteContext = CreateRouteContext("oPtIoNs", accessControlMethod: "");
// Act
var result = constraint.Accept(context);
// Assert
Assert.False(result, "Request should have been rejected.");
}
private static void ConfigureCorsActionConstraint(ActionModel actionModel)
{
var selectors = actionModel.Selectors;
// Read interface .Count once rather than per iteration
var selectorsCount = selectors.Count;
for (var i = 0; i < selectorsCount; i++)
{
var selectorModel = selectors[i];
var actionConstraints = selectorModel.ActionConstraints;
// Read interface .Count once rather than per iteration
var actionConstraintsCount = actionConstraints.Count;
for (var j = 0; j < actionConstraintsCount; j++)
{
if (actionConstraints[j] is HttpMethodActionConstraint httpConstraint)
{
actionConstraints[j] = new CorsHttpMethodActionConstraint(httpConstraint);
}
}
}
}
