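/// <summary>
/// Applies the CORS policy before the action runs: when the request carries an
/// Origin header, either emits the Access-Control-Allow-* response headers or
/// rejects the request with 403 Forbidden.
/// </summary>
/// <param name="filterContext">The context of the action about to execute.</param>
/// <exception cref="HttpException">
/// Thrown with status 403 when the Origin header is present and not allowed.
/// </exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var httpContext = filterContext.HttpContext;
    var origin = httpContext.Request.Headers.Get(CorsConstants.Origin);

    // Requests without an Origin header are passed through untouched.
    if (origin != null)
    {
        string allowedOrigin;

        if (AllowAnyOrigin)
        {
            // NOTE(review): with AllowAnyOrigin every site may read the response;
            // confirm the actions using this filter expose nothing caller-specific.
            allowedOrigin = CorsConstants.AnyOrigin;
        }
        else if (AllowOrigins != null && AllowOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
        {
            // Ordinal comparison: a culture-sensitive comparer can treat strings as
            // equal that differ in ignorable characters, which is not acceptable
            // for an allow-list check. A null allow-list denies (fail closed).
            allowedOrigin = origin;

            // The response now depends on the request's Origin, so caches must key
            // on it; otherwise a response stored for one origin is served to another.
            httpContext.Response.Headers.Add("Vary", CorsConstants.Origin);
        }
        else
        {
            // The message echoes the caller-supplied header value; anything that
            // renders or logs it must treat it as untrusted text.
            throw new HttpException((int)HttpStatusCode.Forbidden, $"The origin '{origin}' is not allowed.");
        }

        httpContext.Response.Headers[CorsConstants.AccessControlAllowOrigin] = allowedOrigin;
        httpContext.Response.Headers[CorsConstants.AccessControlAllowMethods] = AllowMethods;
        httpContext.Response.Headers[CorsConstants.AccessControlAllowHeaders] = AllowHeaders;
    }

    base.OnActionExecuting(filterContext);
}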
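/// <summary>
/// Decides whether a cross-origin request is allowed, based on its Origin header.
/// </summary>
/// <param name="request">The incoming request.</param>
/// <param name="headers">
/// The CORS response headers when the origin is allowed; otherwise <c>null</c>.
/// </param>
/// <returns>
/// <c>true</c> when the origin's authority is in <c>AllowOrigins</c>; otherwise
/// <c>false</c>, with <c>ErrorMessage</c> set.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, out IDictionary<string, string> headers)
{
    headers = null;

    // The Origin header is caller-controlled: it may be missing, or hold a value
    // that is not an absolute URI (for example the literal "null"). Each of those
    // cases is a denial, never an unhandled exception.
    IEnumerable<string> originValues;
    string origin = request.Headers.TryGetValues("Origin", out originValues)
        ? originValues.FirstOrDefault()
        : null;

    Uri originUri;
    if (origin == null
        || !Uri.TryCreate(origin, UriKind.Absolute, out originUri)
        || AllowOrigins == null)
    {
        // A missing allow-list denies as well (fail closed).
        this.ErrorMessage = "Cross-origin request denied";
        return false;
    }

    _Logger.DebugFormat("{0} origin: {1}", AllowOrigins.ToJson(), originUri.Authority);

    // NOTE(review): only the authority (host and port) is compared, so the scheme
    // of the origin is not part of the decision — confirm that an http:// origin
    // matching an entry meant for https:// is acceptable.
    if (AllowOrigins.Contains(originUri.Authority))
    {
        headers = this.GenerateResponseHeaders(request);
        return true;
    }

    this.ErrorMessage = "Cross-origin request denied";
    return false;
}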
/// <summary>
/// Serializes the CORS settings into an OpenAPI object stored under
/// <c>CORSRootKey</c>. Settings that are null or empty are left out.
/// </summary>
/// <returns>A dictionary with a single entry, keyed by <c>CORSRootKey</c>.</returns>
internal override IDictionary<string, IOpenApiAny> ToDictionary()
{
    // NOTE(review): values are emitted as configured; nothing here checks the
    // combination (for example credentials together with a wildcard origin).
    var corsNode = new OpenApiObject();

    if (AllowOrigins != null && AllowOrigins.Any())
    {
        var originItems = new OpenApiArray();
        foreach (var value in AllowOrigins)
        {
            originItems.Add(new OpenApiString(value));
        }

        corsNode[AllowOriginsKey] = originItems;
    }

    if (AllowCredentials.HasValue)
    {
        corsNode[AllowCredentialsKey] = new OpenApiBoolean(AllowCredentials.Value);
    }

    if (ExposeHeaders != null && ExposeHeaders.Any())
    {
        var exposedItems = new OpenApiArray();
        foreach (var value in ExposeHeaders)
        {
            exposedItems.Add(new OpenApiString(value));
        }

        corsNode[ExposeHeadersKey] = exposedItems;
    }

    if (MaxAge.HasValue)
    {
        corsNode[MaxAgeKey] = new OpenApiInteger(MaxAge.Value);
    }

    if (AllowMethods != null && AllowMethods.Any())
    {
        var methodItems = new OpenApiArray();
        foreach (var value in AllowMethods)
        {
            methodItems.Add(new OpenApiString(value));
        }

        corsNode[AllowMethodsKey] = methodItems;
    }

    if (AllowHeaders != null && AllowHeaders.Any())
    {
        var headerItems = new OpenApiArray();
        foreach (var value in AllowHeaders)
        {
            headerItems.Add(new OpenApiString(value));
        }

        corsNode[AllowHeadersKey] = headerItems;
    }

    var result = new Dictionary<string, IOpenApiAny>();
    result.Add(CORSRootKey, corsNode);
    return result;
}
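/// <summary>
/// Decides whether a cross-origin request is allowed by looking up its Origin
/// header, parsed as a URI, in <c>AllowOrigins</c>.
/// </summary>
/// <param name="request">The incoming request.</param>
/// <param name="headers">
/// The CORS response headers when the origin is allowed; otherwise <c>null</c>.
/// </param>
/// <returns>
/// <c>true</c> when the origin is allowed; otherwise <c>false</c>, with
/// <c>ErrorMessage</c> set.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, out IDictionary<string, string> headers)
{
    headers = null;

    // The Origin header is caller-controlled. A missing header or a value that is
    // not an absolute URI (for example the literal "null") is a denial, not an
    // exception thrown out of a Try* method.
    IEnumerable<string> originValues;
    string origin = request.Headers.TryGetValues("Origin", out originValues)
        ? originValues.FirstOrDefault()
        : null;

    Uri originUri;
    bool parsed = origin != null && Uri.TryCreate(origin, UriKind.Absolute, out originUri);

    // NOTE(review): the match relies on how AllowOrigins compares Uri values —
    // confirm the entries are stored in the same form browsers send (scheme,
    // host and port only).
    if (parsed && AllowOrigins != null && AllowOrigins.Contains(new Uri(origin)))
    {
        headers = this.GenerateResponseHeaders(request);
        return true;
    }

    this.ErrorMessage = "Cross-origin request denied";
    return false;
}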
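/// <summary>
/// Loads the allowed CORS origins from the comma-separated "AllowCorsOrigins"
/// application setting.
/// </summary>
static CorsAttribute()
{
    // Start from an empty allow-list so that a missing or unreadable setting
    // denies every cross-origin caller instead of leaving the list null.
    AllowOrigins = new string[0];

    try
    {
        var raw = Configuration.GetAppConfig("AllowCorsOrigins");
        if (!string.IsNullOrWhiteSpace(raw))
        {
            var entries = raw.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

            // "a, b" must yield "b", not " b": an untrimmed entry never matches.
            // Entries that were only whitespace are dropped so the list cannot
            // contain an empty string.
            entries = Array.ConvertAll(entries, entry => entry.Trim());
            AllowOrigins = Array.FindAll(entries, entry => entry.Length > 0);
        }

        _Logger.Debug(AllowOrigins.ToJson());
    }
    catch (Exception ex)
    {
        // The setting is not read again here: a second failure inside a static
        // constructor would make the type unusable.
        _Logger.Error("Failed to load the AllowCorsOrigins setting; cross-origin requests will be denied.", ex);
    }
}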
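/// <summary>
/// Decides whether a request passes the CORS policy. Requests without an Origin
/// header are accepted as-is; requests with one are accepted only when the
/// origin is in <c>AllowOrigins</c>.
/// </summary>
/// <param name="request">The incoming request.</param>
/// <param name="headers">
/// The response header collection handed to <c>GenerateResponseHeaders</c> when
/// the origin is allowed.
/// </param>
/// <returns>
/// <c>true</c> when there is no Origin header or the origin is allowed;
/// otherwise <c>false</c>, with <c>ErrorMessage</c> set.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, ref IDictionary<string, string> headers)
{
    // No Origin header: nothing to evaluate.
    // NOTE(review): this makes the check a browser-side control only; a
    // non-browser client can simply omit the header, so it must not be the only
    // gate in front of a sensitive action.
    IEnumerable<string> originValues;
    if (!request.Headers.TryGetValues("Origin", out originValues))
    {
        return true;
    }

    var origin = originValues.FirstOrDefault();

    // The header value is caller-controlled; one that is not an absolute URI
    // (for example the literal "null") is denied rather than thrown on.
    Uri originUri;
    bool parsed = origin != null && Uri.TryCreate(origin, UriKind.Absolute, out originUri);

    // A missing allow-list denies as well (fail closed).
    if (parsed && AllowOrigins != null && AllowOrigins.Contains(new Uri(origin)))
    {
        GenerateResponseHeaders(headers, request, origin);
        return true;
    }

    ErrorMessage = "Cross-origin request denied";
    return false;
}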