public override bool IsValidForRequest(ControllerContext controllerContext, MethodInfo methodInfo)
{
var httpMethod = (string)(controllerContext.RouteData.Values["httpMethod"] ??
controllerContext.HttpContext.Request.GetHttpMethod());
return(HttpMethods.Contains(httpMethod));
}
internal bool SupportHttpMethod(string method)
{
// If the Httpmethods is empty, let it go
if (HttpMethods.Count == 0)
{
return(true);
}
return(HttpMethods.Contains(method));
}
public RouteResolutionResult Apply(object request, string httpMethod)
{
if (!this.IsValid)
{
return(RouteResolutionResult.Error(this.ErrorMsg));
}
if (HttpMethods != null && HttpMethods.Length != 0 && httpMethod != null && !HttpMethods.Contains(httpMethod) && !HttpMethods.Contains("ANY"))
{
return(RouteResolutionResult.Error("Allowed HTTP methods '{0}' does not support the specified '{1}' method."
.Fmt(HttpMethods.Join(", "), httpMethod)));
}
var uri = this.Path;
var unmatchedVariables = new List <string>();
foreach (var variable in this.variablesMap)
{
var property = variable.Value;
var value = property.GetValue(request, null);
if (value == null)
{
unmatchedVariables.Add(variable.Key);
continue;
}
var variableValue = FormatVariable(value);
uri = uri.Replace(VariablePrefix + variable.Key + VariablePostfix, variableValue);
}
if (unmatchedVariables.Any())
{
var errMsg = "Could not match following variables: " + string.Join(",", unmatchedVariables.ToArray());
return(RouteResolutionResult.Error(errMsg));
}
return(RouteResolutionResult.Success(uri));
}
/// <summary>Determines the request type.</summary>
/// <param name="request"/>
/// <returns/>
public CORSFilter.CORSRequestType CheckRequestType(IHttpServletRequest request)
{
CORSFilter.CORSRequestType requestType = CORSFilter.CORSRequestType.InvalidCors;
if (request == null)
{
throw new ArgumentException("HttpServletRequest object is null");
}
string originHeader = request.GetHeader(RequestHeaderOrigin);
// Section 6.1.1 and Section 6.2.1
if (originHeader != null)
{
if (originHeader.IsEmpty())
{
requestType = CORSFilter.CORSRequestType.InvalidCors;
}
else
{
if (!IsValidOrigin(originHeader))
{
requestType = CORSFilter.CORSRequestType.InvalidCors;
}
else
{
string method = request.GetMethod();
if (method != null && HttpMethods.Contains(method))
{
if ("OPTIONS".Equals(method))
{
string accessControlRequestMethodHeader = request.GetHeader(RequestHeaderAccessControlRequestMethod);
if (accessControlRequestMethodHeader != null && !accessControlRequestMethodHeader.IsEmpty())
{
requestType = CORSFilter.CORSRequestType.PreFlight;
}
else
{
if (accessControlRequestMethodHeader != null && accessControlRequestMethodHeader.IsEmpty())
{
requestType = CORSFilter.CORSRequestType.InvalidCors;
}
else
{
requestType = CORSFilter.CORSRequestType.Actual;
}
}
}
else
{
if ("GET".Equals(method) || "HEAD".Equals(method))
{
requestType = CORSFilter.CORSRequestType.Simple;
}
else
{
if ("POST".Equals(method))
{
string contentType = request.GetContentType();
if (contentType != null)
{
contentType = contentType.ToLower().Trim();
if (SimpleHttpRequestContentTypeValues.Contains(contentType))
{
requestType = CORSFilter.CORSRequestType.Simple;
}
else
{
requestType = CORSFilter.CORSRequestType.Actual;
}
}
}
else
{
if (ComplexHttpMethods.Contains(method))
{
requestType = CORSFilter.CORSRequestType.Actual;
}
}
}
}
}
}
}
}
else
{
requestType = CORSFilter.CORSRequestType.NotCors;
}
return(requestType);
}
/// <summary>Handles CORS pre-flight request.</summary>
/// <param name="request">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletRequest"/>
/// object.
/// </param>
/// <param name="response">
/// The
/// <see cref="Javax.Servlet.Http.IHttpServletResponse"/>
/// object.
/// </param>
/// <param name="filterChain">
/// The
/// <see cref="Javax.Servlet.IFilterChain"/>
/// object.
/// </param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Javax.Servlet.ServletException"/>
public void HandlePreflightCORS(IHttpServletRequest request, IHttpServletResponse response, IFilterChain filterChain)
{
CORSFilter.CORSRequestType requestType = CheckRequestType(request);
if (requestType != CORSFilter.CORSRequestType.PreFlight)
{
throw new ArgumentException("Expects a HttpServletRequest object of type " + CORSFilter.CORSRequestType.PreFlight.ToString().ToLower());
}
string origin = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderOrigin);
// Section 6.2.2
if (!IsOriginAllowed(origin))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
// Section 6.2.3
string accessControlRequestMethod = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderAccessControlRequestMethod);
if (accessControlRequestMethod == null || (!HttpMethods.Contains(accessControlRequestMethod.Trim())))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
else
{
accessControlRequestMethod = accessControlRequestMethod.Trim();
}
// Section 6.2.4
string accessControlRequestHeadersHeader = request.GetHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.RequestHeaderAccessControlRequestHeaders);
IList <string> accessControlRequestHeaders = new LinkedList <string>();
if (accessControlRequestHeadersHeader != null && !accessControlRequestHeadersHeader.Trim().IsEmpty())
{
string[] headers = accessControlRequestHeadersHeader.Trim().Split(",");
foreach (string header in headers)
{
accessControlRequestHeaders.Add(header.Trim().ToLower());
}
}
// Section 6.2.5
if (!allowedHttpMethods.Contains(accessControlRequestMethod))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
// Section 6.2.6
if (!accessControlRequestHeaders.IsEmpty())
{
foreach (string header in accessControlRequestHeaders)
{
if (!allowedHttpHeaders.Contains(header))
{
HandleInvalidCORS(request, response, filterChain);
return;
}
}
}
// Section 6.2.7
if (supportsCredentials)
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, origin);
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowCredentials, "true");
}
else
{
if (anyOriginAllowed)
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, "*");
}
else
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowOrigin, origin);
}
}
// Section 6.2.8
if (preflightMaxAge > 0)
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlMaxAge, preflightMaxAge.ToString());
}
// Section 6.2.9
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowMethods, accessControlRequestMethod);
// Section 6.2.10
if ((allowedHttpHeaders != null) && (!allowedHttpHeaders.IsEmpty()))
{
response.AddHeader(Edu.Stanford.Nlp.Naturalli.Demo.CORSFilter.ResponseHeaderAccessControlAllowHeaders, Join(allowedHttpHeaders, ","));
}
}
