private static IDownload CheckIntegrity(this CorsRequest cors, IDownload download)
{
var response = download.Task.Result;
var value = cors.Request.Source?.GetAttribute(AttributeNames.Integrity);
var integrity = cors.Integrity;
if (value is { Length : > 0 } && integrity != null && response != null)
private static IDownload CheckIntegrity(this CorsRequest cors, IDownload download)
{
var response = download.Task.Result;
var value = cors.Request.Source?.GetAttribute(AttributeNames.Integrity);
var integrity = cors.Integrity;
if (!String.IsNullOrEmpty(value) && integrity != null && response != null)
{
var content = new MemoryStream();
response.Content.CopyTo(content);
content.Position = 0;
if (!integrity.IsSatisfied(content.ToArray(), value))
{
response.Dispose();
throw new DomException(DomError.Security);
}
return(download.Wrap(new DefaultResponse
{
Address = response.Address,
Content = content,
Headers = response.Headers,
StatusCode = response.StatusCode
}));
}
return(download);
}
private static CorsRequest RedirectTo(this CorsRequest cors, Url url)
{
var oldRequest = cors.Request;
var newRequest = new ResourceRequest(oldRequest.Source, url)
{
IsCookieBlocked = oldRequest.IsCookieBlocked,
IsSameOriginForced = oldRequest.IsSameOriginForced,
Origin = oldRequest.Origin
};
return(new CorsRequest(newRequest)
{
Setting = cors.Setting,
Behavior = cors.Behavior,
Integrity = cors.Integrity
});
}
/// <summary>
/// Performs a potentially CORS-enabled fetch from the given URI by
/// using an asynchronous GET request. For more information see:
/// http://www.w3.org/TR/html5/infrastructure.html#potentially-cors-enabled-fetch
/// </summary>
/// <param name="loader">The resource loader to use.</param>
/// <param name="cors">The CORS request to issue.</param>
/// <returns>
/// The active download.
/// </returns>
public static IDownload FetchWithCorsAsync(this IResourceLoader loader, CorsRequest cors)
{
var request = cors.Request;
var setting = cors.Setting;
var url = request.Target;
if (request.Origin == url.Origin || url.Scheme == ProtocolNames.Data || url.Href is "about:blank")
{
return(loader.FetchFromSameOriginAsync(url, cors));
}
else if (setting == CorsSetting.Anonymous || setting == CorsSetting.UseCredentials)
{
return(loader.FetchFromDifferentOriginAsync(cors));
}
else if (setting == CorsSetting.None)
{
return(loader.FetchWithoutCorsAsync(request, cors.Behavior));
}
throw new DomException(DomError.Network);
}
private static IDownload FetchFromDifferentOriginAsync(this IResourceLoader loader, CorsRequest cors)
{
var request = cors.Request;
request.IsCredentialOmitted = cors.IsAnonymous();
var download = loader.FetchAsync(request);
return(download.Wrap(response =>
{
if (response?.StatusCode != HttpStatusCode.OK)
{
response?.Dispose();
throw new DomException(DomError.Network);
}
return cors.CheckIntegrity(download);
}));
}
private static IDownload FetchFromSameOriginAsync(this IResourceLoader loader, Url url, CorsRequest cors)
{
var request = cors.Request;
var download = loader.FetchAsync(new ResourceRequest(request.Source, url)
{
Origin = request.Origin,
IsManualRedirectDesired = true
});
return(download.Wrap(response =>
{
if (response.IsRedirected())
{
url.Href = response.Headers.GetOrDefault(HeaderNames.Location, url.Href);
return request.Origin.Is(url.Origin) ?
loader.FetchWithCorsAsync(cors.RedirectTo(url)) :
loader.FetchFromSameOriginAsync(url, cors);
}
return cors.CheckIntegrity(download);
}));
}
private static Boolean IsAnonymous(this CorsRequest cors) => cors.Setting == CorsSetting.Anonymous;
private static Boolean IsAnonymous(this CorsRequest cors)
{
return(cors.Setting == CorsSetting.Anonymous);
}