private bool IsOriginAllowed(CorsPolicy policy, StringValues origin) { if (StringValues.IsNullOrEmpty(origin)) { _logger?.RequestDoesNotHaveOriginHeader(); return(false); } _logger?.RequestHasOriginHeader(origin); if (policy.AllowAnyOrigin || policy.IsOriginAllowed(origin)) { return(true); } _logger?.PolicyFailure(); _logger?.OriginNotAllowed(origin); return(false); }
private void AddOriginToResult(string origin, CorsPolicy policy, CorsResult result) { if (policy.AllowAnyOrigin) { if (policy.SupportsCredentials) { result.AllowedOrigin = origin; result.VaryByOrigin = true; } else { result.AllowedOrigin = CorsConstants.AnyOrigin; } } else if (policy.IsOriginAllowed(origin)) { result.AllowedOrigin = origin; if (policy.Origins.Count > 1) { result.VaryByOrigin = true; } } }