/// <summary>
/// Stores the CORS policy on this server instance.
/// </summary>
/// <param name="option">The CORS policy to keep; it is stored as given, without validation.</param>
/// <returns>This instance, so calls can be chained.</returns>
public IServer EnableCors(CorsOption option)
{
    _corsOption = option;
    return this;
}
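/// <summary>
/// Applies the CORS policy to a request that carries an <c>Origin</c> header and
/// answers OPTIONS preflight requests directly.
/// </summary>
/// <param name="corsOption">
/// Policy to enforce. When <c>null</c>, every request with an <c>Origin</c> header is
/// answered with an empty body and no CORS headers.
/// </param>
/// <param name="http">The current request/response pair.</param>
/// <returns>
/// The task writing the empty response when the request was answered here (no policy,
/// rejected origin, or an OPTIONS request); <c>null</c> when the request has no
/// <c>Origin</c> header or is an allowed non-OPTIONS request. The result can be
/// <c>null</c>, so it must not be awaited unchecked.
/// </returns>
public static Task Handler(CorsOption corsOption, HttpContext http)
{
    var req = http.Request;
    var resp = http.Response;

    // Requests without an Origin header are not CORS requests; nothing to do here.
    if (!req.Headers.TryGetValue("Origin", out StringValues origin))
    {
        return null;
    }

    // No policy configured: refuse the CORS request. The status is still 200, but
    // without any Access-Control-Allow-* header the browser fails the request.
    if (corsOption == null)
    {
        return resp.WriteAsync("");
    }

    // Check the origin against the policy.
    // NOTE(review): IsOriginAllow is not visible here. Because the origin is echoed
    // back below, it should be an exact allow-list match (no substring or prefix
    // matching, and no implicit acceptance of "null") - confirm.
    var originVal = origin.FirstOrDefault();
    if (!corsOption.IsOriginAllow(originVal))
    {
        return resp.WriteAsync("");
    }

    // Access-Control-Allow-Origin is mandatory.
    var allowAnyOrigin = corsOption.AccessControlAllowOrigins == "*";
    if (allowAnyOrigin)
    {
        resp.Headers.Add("Access-Control-Allow-Origin", "*");
    }
    else
    {
        resp.Headers.Add("Access-Control-Allow-Origin", originVal);
        // The header value now depends on the request's Origin, so shared caches must
        // key on it; otherwise a response cached for one origin is replayed to another.
        resp.Headers.Append("Vary", "Origin");
    }

    // Access-Control-Allow-Credentials is optional. Browsers reject a credentialed
    // response whose Allow-Origin is the wildcard, so the header is only sent together
    // with a concrete origin instead of emitting the invalid "*" + "true" pair.
    if (corsOption.AccessControlAllowCredentials && !allowAnyOrigin)
    {
        resp.Headers.Add("Access-Control-Allow-Credentials", "true");
    }

    // Access-Control-Expose-Headers is optional.
    if (!string.IsNullOrEmpty(corsOption.AccessControlExposeHeaders))
    {
        resp.Headers.Add("Access-Control-Expose-Headers", corsOption.AccessControlExposeHeaders);
    }

    // Allowed non-OPTIONS request: headers are set, the caller carries on.
    if (req.Method != "OPTIONS")
    {
        return null;
    }

    // Non-simple request (preflight). Every OPTIONS request with an Origin header
    // takes this path, with or without Access-Control-Request-Method.
    if (req.Headers.TryGetValue("Access-Control-Request-Method", out StringValues accessMethods))
    {
        var accessMethodVal = accessMethods.FirstOrDefault();
        if (corsOption.IsMethodAllow(accessMethodVal))
        {
            // Access-Control-Allow-Methods is mandatory for a non-simple request.
            resp.Headers.Add("Access-Control-Allow-Methods", corsOption.AccessControlAllowMethods);
        }
    }

    if (req.Headers.TryGetValue("Access-Control-Request-Headers", out StringValues accessHeaders))
    {
        // NOTE(review): the request header is a comma-separated list and is passed to
        // IsHeaderAllow as one string - confirm that it checks each entry.
        var accessHeaderVal = accessHeaders.FirstOrDefault();
        if (corsOption.IsHeaderAllow(accessHeaderVal))
        {
            // When Access-Control-Request-Headers is present,
            // Access-Control-Allow-Headers is mandatory.
            resp.Headers.Add("Access-Control-Allow-Headers", corsOption.AccessControlAllowHeaders);
        }
    }

    // Access-Control-Max-Age is optional.
    if (corsOption.AccessControlMaxAge.HasValue)
    {
        resp.Headers.Add("Access-Control-Max-Age", corsOption.AccessControlMaxAge.ToString());
    }

    // An OPTIONS preflight is answered right here.
    return resp.WriteAsync("");
}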