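/// <summary>
/// Applies the CORS policy before the action runs: when the request carries an Origin
/// header, either emits the Access-Control-Allow-* response headers or rejects the request.
/// </summary>
/// <param name="filterContext">The filter context whose request and response are inspected and modified.</param>
/// <exception cref="HttpException">Thrown with status 403 when the origin is not on the allow-list.</exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var httpContext = filterContext.HttpContext;
            var origin      = httpContext.Request.Headers.Get(CorsConstants.Origin);

            // Requests without an Origin header get no CORS headers and are passed through unchanged.
            if (origin != null)
            {
                string allowedOrigin;

                if (AllowAnyOrigin)
                {
                    // Wildcard policy: every origin may read the response.
                    // NOTE(review): browsers refuse a wildcard on credentialed requests; confirm
                    // this mode is only enabled for endpoints that serve public data.
                    allowedOrigin = CorsConstants.AnyOrigin;
                }
                else if (AllowOrigins != null && AllowOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
                {
                    // Ordinal comparison: an origin is a protocol identifier, not linguistic text.
                    // A culture-sensitive comparer can treat strings that differ only in
                    // ignorable characters as equal, which would widen the allow-list.
                    allowedOrigin = origin;

                    // The response now depends on the request's Origin, so caches must key on it;
                    // otherwise a response cached for one origin could be served to another.
                    httpContext.Response.Headers.Add("Vary", "Origin");
                }
                else
                {
                    // Fail closed: an unlisted origin (or a missing allow-list) is rejected outright.
                    throw new HttpException((int)HttpStatusCode.Forbidden, $"The origin '{origin}' is not allowed.");
                }

                httpContext.Response.Headers[CorsConstants.AccessControlAllowOrigin]  = allowedOrigin;
                httpContext.Response.Headers[CorsConstants.AccessControlAllowMethods] = AllowMethods;
                httpContext.Response.Headers[CorsConstants.AccessControlAllowHeaders] = AllowHeaders;
            }

            base.OnActionExecuting(filterContext);
        }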
Пример #2
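        /// <summary>
        /// Decides whether a cross-origin request is allowed by comparing the authority
        /// (host and optional port) of its Origin header with the allow-list.
        /// </summary>
        /// <param name="request">The incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">The generated CORS response headers when allowed; otherwise null.</param>
        /// <returns>True when the origin is on the allow-list; false otherwise, with ErrorMessage set.</returns>
        public bool TryEvaluate(HttpRequestMessage request, out IDictionary <string, string> headers)
        {
            headers = null;
            string origin = null;

            try
            {
                origin = request.Headers.GetValues("Origin").FirstOrDefault();
            }
            catch (Exception)
            {
                // Best-effort read: a missing Origin header is treated as a denied request.
                this.ErrorMessage = "Cross-origin request denied";
                return(false);
            }

            // The Origin header is client-controlled and may be absent, opaque ("null") or
            // malformed. Parse it defensively so bad input is denied instead of throwing.
            Uri originUri;
            if (!Uri.TryCreate(origin, UriKind.Absolute, out originUri))
            {
                this.ErrorMessage = "Cross-origin request denied";
                return(false);
            }

            _Logger.DebugFormat("{0} origin: {1}", AllowOrigins.ToJson(), originUri.Authority);

            // Only the authority is compared, so the scheme is not part of the match.
            // NOTE(review): confirm that accepting http and https for a listed host is intended.
            // A missing allow-list denies everything rather than throwing.
            if (AllowOrigins != null && AllowOrigins.Contains(originUri.Authority))
            {
                headers = this.GenerateResponseHeaders(request);
                return(true);
            }

            this.ErrorMessage = "Cross-origin request denied";
            return(false);
        }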
Пример #3
        /// <summary>
        /// Serializes the configured CORS settings into an OpenAPI object and returns it
        /// as the single entry stored under <c>CORSRootKey</c>.
        /// </summary>
        /// <returns>
        /// A dictionary with one entry. Settings that are null, empty or have no value are
        /// omitted from the nested object.
        /// </returns>
        internal override IDictionary <string, IOpenApiAny> ToDictionary()
        {
            var corsNode = new OpenApiObject();

            // List-valued settings are written only when they contain at least one item.
            if (AllowOrigins?.Any() == true)
            {
                var origins = new OpenApiArray();
                origins.AddRange(AllowOrigins.Select(item => new OpenApiString(item)));
                corsNode[AllowOriginsKey] = origins;
            }

            // Nullable scalar settings are written only when explicitly set.
            if (AllowCredentials != null)
            {
                corsNode[AllowCredentialsKey] = new OpenApiBoolean(AllowCredentials.Value);
            }

            if (ExposeHeaders?.Any() == true)
            {
                var exposed = new OpenApiArray();
                exposed.AddRange(ExposeHeaders.Select(item => new OpenApiString(item)));
                corsNode[ExposeHeadersKey] = exposed;
            }

            if (MaxAge != null)
            {
                corsNode[MaxAgeKey] = new OpenApiInteger(MaxAge.Value);
            }

            if (AllowMethods?.Any() == true)
            {
                var methods = new OpenApiArray();
                methods.AddRange(AllowMethods.Select(item => new OpenApiString(item)));
                corsNode[AllowMethodsKey] = methods;
            }

            if (AllowHeaders?.Any() == true)
            {
                var requestHeaders = new OpenApiArray();
                requestHeaders.AddRange(AllowHeaders.Select(item => new OpenApiString(item)));
                corsNode[AllowHeadersKey] = requestHeaders;
            }

            var result = new Dictionary <string, IOpenApiAny>();
            result.Add(CORSRootKey, corsNode);
            return result;
        }
Пример #4
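        /// <summary>
        /// Decides whether a cross-origin request is allowed by comparing the URI parsed
        /// from its Origin header with the allow-list.
        /// </summary>
        /// <param name="request">The incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">The generated CORS response headers when allowed; otherwise null.</param>
        /// <returns>True when the origin is on the allow-list; false otherwise, with ErrorMessage set.</returns>
        public bool TryEvaluate(HttpRequestMessage request, out IDictionary <string, string> headers)
        {
            headers = null;

            // The Origin header is client-controlled: it may be missing, opaque ("null") or
            // malformed. Read and parse it without throwing so that bad input is denied
            // rather than surfacing as an unhandled exception.
            IEnumerable<string> originValues;
            string origin = request.Headers.TryGetValues("Origin", out originValues)
                ? originValues.FirstOrDefault()
                : null;

            Uri originUri;
            if (Uri.TryCreate(origin, UriKind.Absolute, out originUri) &&
                AllowOrigins != null && AllowOrigins.Contains(originUri))
            {
                headers = this.GenerateResponseHeaders(request);
                return(true);
            }

            // Fail closed: anything that is not positively matched is denied.
            this.ErrorMessage = "Cross-origin request denied";
            return(false);
        }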
Пример #5
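        /// <summary>
        /// Loads the allowed CORS origins from the "AllowCorsOrigins" application setting,
        /// a comma-separated list. If the setting cannot be read, the allow-list is left
        /// empty so that no origin is allowed.
        /// </summary>
        static CorsAttribute()
        {
            // Held outside the try block so the catch can log it without reading the
            // configuration again; a second failing read would escape the static constructor.
            string rawOrigins = null;

            try
            {
                rawOrigins = Configuration.GetAppConfig("AllowCorsOrigins");

                var entries = rawOrigins.Split(new char[] { ',' },
                                               StringSplitOptions.RemoveEmptyEntries);

                // Trim each entry so "a.example, b.example" matches as written, then drop
                // entries that were only whitespace.
                var trimmed = Array.ConvertAll(entries, entry => entry.Trim());
                AllowOrigins = Array.FindAll(trimmed, entry => entry.Length > 0);

                _Logger.Debug(AllowOrigins.ToJson());
            }
            catch (Exception ex)
            {
                _Logger.Error(rawOrigins ?? "AllowCorsOrigins", ex);

                // Fail closed: an empty allow-list denies every origin, and later lookups
                // do not have to deal with a null list.
                AllowOrigins = new string[0];
            }
        }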
Пример #6
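        /// <summary>
        /// Evaluates the CORS policy for a request. Requests without an Origin header are
        /// accepted unchanged; requests with one are accepted only when the parsed origin
        /// is on the allow-list.
        /// </summary>
        /// <param name="request">The incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">Header collection passed to GenerateResponseHeaders when the origin is allowed.</param>
        /// <returns>True when there is no Origin header or the origin is allowed; false otherwise, with ErrorMessage set.</returns>
        public bool TryEvaluate(HttpRequestMessage request, ref IDictionary <string, string> headers)
        {
            // No Origin header: nothing to evaluate. This is not an authorization check, so
            // the endpoint's own authentication still has to protect such requests.
            if (!request.Headers.Contains("Origin"))
            {
                return(true);
            }

            var origin = request.Headers.GetValues("Origin").FirstOrDefault();

            // The header value is client-controlled and may be opaque ("null") or malformed.
            // Parse it defensively so bad input is denied instead of throwing.
            Uri originUri;
            if (Uri.TryCreate(origin, UriKind.Absolute, out originUri) &&
                AllowOrigins != null && AllowOrigins.Contains(originUri))
            {
                GenerateResponseHeaders(headers, request, origin);
                return(true);
            }

            // Fail closed: anything that is not positively matched is denied.
            ErrorMessage = "Cross-origin request denied";
            return(false);
        }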