public HostContext(IDictionary<string, object> environment) { Request = new ServerRequest(environment); Response = new ServerResponse(environment); Environment = environment; }
public Task Invoke(IDictionary<string, object> environment) { var serverRequest = new ServerRequest(environment); var serverResponse = new ServerResponse(environment); var hostContext = new HostContext(serverRequest, serverResponse); // Add CORS support var origins = serverRequest.RequestHeaders.GetHeaders("Origin"); if (origins != null && origins.Any(origin => !String.IsNullOrEmpty(origin))) { serverResponse.ResponseHeaders["Access-Control-Allow-Origin"] = origins; serverResponse.ResponseHeaders["Access-Control-Allow-Credentials"] = AllowCredentialsTrue; } hostContext.Items[HostConstants.SupportsWebSockets] = LazyInitializer.EnsureInitialized( ref _supportWebSockets, ref _supportWebSocketsInitialized, ref _supportWebSocketsLock, () => environment.SupportsWebSockets()); hostContext.Items[HostConstants.ShutdownToken] = environment.GetShutdownToken(); hostContext.Items[HostConstants.DebugMode] = environment.GetIsDebugEnabled(); serverRequest.DisableRequestBuffering(); serverResponse.DisableResponseBuffering(); _connection.Initialize(_resolver, hostContext); return _connection.ProcessRequest(hostContext); }
public Task Invoke(IDictionary<string, object> environment) { var serverRequest = new ServerRequest(environment); var serverResponse = new ServerResponse(environment); var hostContext = new HostContext(serverRequest, serverResponse); string origin = serverRequest.RequestHeaders.GetHeader("Origin"); if (_configuration.EnableCrossDomain) { // Add CORS response headers support if (!String.IsNullOrEmpty(origin)) { serverResponse.ResponseHeaders.SetHeader("Access-Control-Allow-Origin", origin); serverResponse.ResponseHeaders.SetHeader("Access-Control-Allow-Credentials", "true"); } } else { string callback = serverRequest.QueryString["callback"]; // If it's a JSONP request and we're not allowing cross domain requests then block it // If there's an origin header and it's not a same origin request then block it. if (!String.IsNullOrEmpty(callback) || (!String.IsNullOrEmpty(origin) && !IsSameOrigin(serverRequest.Url, origin))) { return EndResponse(environment, 403, "Forbidden"); } } // Add the nosniff header for all responses to prevent IE from trying to sniff mime type from contents serverResponse.ResponseHeaders.SetHeader("X-Content-Type-Options", "nosniff"); hostContext.Items[HostConstants.SupportsWebSockets] = LazyInitializer.EnsureInitialized( ref _supportWebSockets, ref _supportWebSocketsInitialized, ref _supportWebSocketsLock, () => environment.SupportsWebSockets()); hostContext.Items[HostConstants.ShutdownToken] = environment.GetShutdownToken(); hostContext.Items[HostConstants.DebugMode] = environment.GetIsDebugEnabled(); serverRequest.DisableRequestCompression(); serverResponse.DisableResponseBuffering(); _connection.Initialize(_configuration.Resolver, hostContext); if (!_connection.Authorize(serverRequest)) { // If we failed to authorize the request then return a 403 since the request // can't do anything return EndResponse(environment, 403, "Forbidden"); } else { return _connection.ProcessRequest(hostContext); } }
public Task AcceptWebSocketRequest(Func<IWebSocket, Task> callback, Task initTask) { var accept = _environment.Get<Action<IDictionary<string, object>, WebSocketFunc>>(OwinConstants.WebSocketAccept); if (accept == null) { var response = new ServerResponse(_environment); response.StatusCode = 400; return response.End(Resources.Error_NotWebSocketRequest); } var handler = new OwinWebSocketHandler(callback, initTask); accept(null, handler.ProcessRequestAsync); return TaskAsyncHelper.Empty; }