public HostContext(IDictionary<string, object> environment)
{
Request = new ServerRequest(environment);
Response = new ServerResponse(environment);
Environment = environment;
}
public Task Invoke(IDictionary<string, object> environment)
{
var serverRequest = new ServerRequest(environment);
var serverResponse = new ServerResponse(environment);
var hostContext = new HostContext(serverRequest, serverResponse);
// Add CORS support
var origins = serverRequest.RequestHeaders.GetHeaders("Origin");
if (origins != null && origins.Any(origin => !String.IsNullOrEmpty(origin)))
{
serverResponse.ResponseHeaders["Access-Control-Allow-Origin"] = origins;
serverResponse.ResponseHeaders["Access-Control-Allow-Credentials"] = AllowCredentialsTrue;
}
hostContext.Items[HostConstants.SupportsWebSockets] = LazyInitializer.EnsureInitialized(
ref _supportWebSockets,
ref _supportWebSocketsInitialized,
ref _supportWebSocketsLock,
() => environment.SupportsWebSockets());
hostContext.Items[HostConstants.ShutdownToken] = environment.GetShutdownToken();
hostContext.Items[HostConstants.DebugMode] = environment.GetIsDebugEnabled();
serverRequest.DisableRequestBuffering();
serverResponse.DisableResponseBuffering();
_connection.Initialize(_resolver, hostContext);
return _connection.ProcessRequest(hostContext);
}
public Task Invoke(IDictionary<string, object> environment)
{
var serverRequest = new ServerRequest(environment);
var serverResponse = new ServerResponse(environment);
var hostContext = new HostContext(serverRequest, serverResponse);
string origin = serverRequest.RequestHeaders.GetHeader("Origin");
if (_configuration.EnableCrossDomain)
{
// Add CORS response headers support
if (!String.IsNullOrEmpty(origin))
{
serverResponse.ResponseHeaders.SetHeader("Access-Control-Allow-Origin", origin);
serverResponse.ResponseHeaders.SetHeader("Access-Control-Allow-Credentials", "true");
}
}
else
{
string callback = serverRequest.QueryString["callback"];
// If it's a JSONP request and we're not allowing cross domain requests then block it
// If there's an origin header and it's not a same origin request then block it.
if (!String.IsNullOrEmpty(callback) ||
(!String.IsNullOrEmpty(origin) && !IsSameOrigin(serverRequest.Url, origin)))
{
return EndResponse(environment, 403, "Forbidden");
}
}
// Add the nosniff header for all responses to prevent IE from trying to sniff mime type from contents
serverResponse.ResponseHeaders.SetHeader("X-Content-Type-Options", "nosniff");
hostContext.Items[HostConstants.SupportsWebSockets] = LazyInitializer.EnsureInitialized(
ref _supportWebSockets,
ref _supportWebSocketsInitialized,
ref _supportWebSocketsLock,
() => environment.SupportsWebSockets());
hostContext.Items[HostConstants.ShutdownToken] = environment.GetShutdownToken();
hostContext.Items[HostConstants.DebugMode] = environment.GetIsDebugEnabled();
serverRequest.DisableRequestCompression();
serverResponse.DisableResponseBuffering();
_connection.Initialize(_configuration.Resolver, hostContext);
if (!_connection.Authorize(serverRequest))
{
// If we failed to authorize the request then return a 403 since the request
// can't do anything
return EndResponse(environment, 403, "Forbidden");
}
else
{
return _connection.ProcessRequest(hostContext);
}
}
public Task AcceptWebSocketRequest(Func<IWebSocket, Task> callback, Task initTask)
{
var accept = _environment.Get<Action<IDictionary<string, object>, WebSocketFunc>>(OwinConstants.WebSocketAccept);
if (accept == null)
{
var response = new ServerResponse(_environment);
response.StatusCode = 400;
return response.End(Resources.Error_NotWebSocketRequest);
}
var handler = new OwinWebSocketHandler(callback, initTask);
accept(null, handler.ProcessRequestAsync);
return TaskAsyncHelper.Empty;
}
