public void HttpMethodActionConstraint_RejectsOptionsRequest_WithoutAccessControlMethod() { // Arrange var constraint = new CorsHttpMethodActionConstraint(new HttpMethodActionConstraint(new[] { "GET", "Post" })) as IActionConstraint; var context = CreateActionConstraintContext(constraint); context.RouteContext = CreateRouteContext("oPtIoNs", accessControlMethod: ""); // Act var result = constraint.Accept(context); // Assert Assert.False(result, "Request should have been rejected."); }
public void HttpMethodActionConstraint_Accept_CaseInsensitive(IEnumerable <string> httpMethods, string expectedMethod) { // Arrange var constraint = new CorsHttpMethodActionConstraint(new HttpMethodActionConstraint(httpMethods)) as IActionConstraint; var context = CreateActionConstraintContext(constraint); context.RouteContext = CreateRouteContext(expectedMethod); // Act var result = constraint.Accept(context); // Assert Assert.True(result, "Request should have been accepted."); }
private static void ConfigureCorsActionConstraint(ActionModel actionModel) { var selectors = actionModel.Selectors; // Read interface .Count once rather than per iteration var selectorsCount = selectors.Count; for (var i = 0; i < selectorsCount; i++) { var selectorModel = selectors[i]; var actionConstraints = selectorModel.ActionConstraints; // Read interface .Count once rather than per iteration var actionConstraintsCount = actionConstraints.Count; for (var j = 0; j < actionConstraintsCount; j++) { if (actionConstraints[j] is HttpMethodActionConstraint httpConstraint) { actionConstraints[j] = new CorsHttpMethodActionConstraint(httpConstraint); } } } }