// --------------------------------------------------------------- Handlers /// <summary> /// Handles a CORS request of type /// <see cref="CORSRequestType"/> /// .SIMPLE. /// </summary> /// <param name="request"> /// The /// <see cref="Javax.Servlet.Http.IHttpServletRequest"/> /// object. /// </param> /// <param name="response"> /// The /// <see cref="Javax.Servlet.Http.IHttpServletResponse"/> /// object. /// </param> /// <param name="filterChain"> /// The /// <see cref="Javax.Servlet.IFilterChain"/> /// object. /// </param> /// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Servlet.ServletException"/> /// <seealso><a href="http://www.w3.org/TR/cors/#resource-requests">Simple /// * Cross-Origin Request, Actual Request, and Redirects</a></seealso> public void HandleSimpleCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain) { CORSFilter.CORSRequestType requestType = CheckRequestType(request); if (!(requestType == CORSFilter.CORSRequestType.Simple || requestType == CORSFilter.CORSRequestType.Actual)) { string message = "Expects a HttpServletRequest object of type " + CORSFilter.CORSRequestType.Simple + " or " + CORSFilter.CORSRequestType.Actual; throw new ArgumentException(message); } string origin = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderOrigin); string method = request.GetMethod(); // Section 6.1.2 if (!IsOriginAllowed(origin)) { HandleInvalidCORS(request, response, filterChain); return; } if (!allowedHttpMethods.Contains(method)) { HandleInvalidCORS(request, response, filterChain); return; } // Section 6.1.3 // Add a single Access-Control-Allow-Origin header. if (anyOriginAllowed && !supportsCredentials) { // If resource doesn't support credentials and if any origin is // allowed // to make CORS request, return header with '*'. response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, "*"); } else { // If the resource supports credentials add a single // Access-Control-Allow-Origin header, with the value of the Origin // header as value. response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, origin); } // Section 6.1.3 // If the resource supports credentials, add a single // Access-Control-Allow-Credentials header with the case-sensitive // string "true" as value. if (supportsCredentials) { response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowCredentials, "true"); } // Section 6.1.4 // If the list of exposed headers is not empty add one or more // Access-Control-Expose-Headers headers, with as values the header // field names given in the list of exposed headers. if ((exposedHeaders != null) && (exposedHeaders.Count > 0)) { string exposedHeadersString = Join(exposedHeaders, ","); response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlExposeHeaders, exposedHeadersString); } // Forward the request down the filter chain. filterChain.DoFilter(request, response); }
public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain) { if (isAuthenticating) { message.Headers.Authorization = this.CreateAuthHeader(); } return(await chain.DoFilter(message)); }
/// <summary> /// Uses AsyncLocal to retrieve the correlationId. Not needed if we decide to use the IFilterChain to pass correlationId. /// </summary> /// <param name="message"></param> /// <param name="chain"></param> /// <returns></returns> public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain) { // add header Guid correlationId = AsyncCorrelation.RetrieveCorrelationId(); // empty correlationId will be ignored. if (Guid.Empty != correlationId) { message.Headers.Add(CorrelationIdHttpHeaderName, correlationId.ToString("N")); } return(await chain.DoFilter(message)); }
public Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain) { if (message == null) { throw new ArgumentException("message cannot be null"); } // empty correlationId will be ignored. if (Guid.Empty != chain.CorrelationId) { message.Headers.Add(XCorrelationIdHeader, chain.CorrelationId.ToString("N")); } return(chain.DoFilter(message)); }
// Do not forward the request down the filter chain. /// <summary>Handles a request, that's not a CORS request, but is a valid request i.e.</summary> /// <remarks> /// Handles a request, that's not a CORS request, but is a valid request i.e. /// it is not a cross-origin request. This implementation, just forwards the /// request down the filter chain. /// </remarks> /// <param name="request"> /// The /// <see cref="Javax.Servlet.Http.IHttpServletRequest"/> /// object. /// </param> /// <param name="response"> /// The /// <see cref="Javax.Servlet.Http.IHttpServletResponse"/> /// object. /// </param> /// <param name="filterChain"> /// The /// <see cref="Javax.Servlet.IFilterChain"/> /// object. /// </param> /// <exception cref="System.IO.IOException"/> /// <exception cref="Javax.Servlet.ServletException"/> public void HandleNonCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain) { // Let request pass. filterChain.DoFilter(request, response); }
public async Task <HttpResponseMessage> Filter(HttpRequestMessage message, IFilterChain chain) { message.Headers.Add("User-Agent", userAgent); return(await chain.DoFilter(message)); }