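/// <summary>
        /// Applies the CORS policy to the current request before the action runs.
        /// Requests without an Origin header are passed through untouched. When an
        /// Origin header is present it must either be covered by <c>AllowAnyOrigin</c>
        /// or appear in <c>AllowOrigins</c>; otherwise the request is rejected.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        /// <exception cref="HttpException">
        /// Thrown with status 403 when the request's Origin is not allowed.
        /// </exception>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var httpContext = filterContext.HttpContext;
            var origin      = httpContext.Request.Headers.Get(CorsConstants.Origin);

            if (origin != null)
            {
                string allowedOriginValue;

                if (AllowAnyOrigin)
                {
                    // Wildcard policy: browsers do not accept this value together with
                    // credentialed requests, so it only suits public, unauthenticated data.
                    allowedOriginValue = CorsConstants.AnyOrigin;
                }
                else if (AllowOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
                {
                    // Ordinal comparison: the Origin header is caller-controlled, and a
                    // culture-aware comparer skips ignorable characters, which could let a
                    // value that is not literally in the allowlist match and be echoed back.
                    allowedOriginValue = origin;

                    // The response now depends on the request's Origin, so shared caches
                    // must key on it; otherwise a response cached for one origin may be
                    // served to another.
                    httpContext.Response.AppendHeader("Vary", "Origin");
                }
                else
                {
                    throw new HttpException((int)HttpStatusCode.Forbidden, $"The origin '{origin}' is not allowed.");
                }

                httpContext.Response.Headers[CorsConstants.AccessControlAllowOrigin]  = allowedOriginValue;
                httpContext.Response.Headers[CorsConstants.AccessControlAllowMethods] = AllowMethods;
                httpContext.Response.Headers[CorsConstants.AccessControlAllowHeaders] = AllowHeaders;
            }

            base.OnActionExecuting(filterContext);
        }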
Пример #2
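        /// <summary>
        /// Decides whether a cross-origin request is permitted by comparing the
        /// authority (host and optional port) of its Origin header with
        /// <c>AllowOrigins</c>.
        /// </summary>
        /// <param name="request">Incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">
        /// Receives the CORS response headers when the origin is allowed; otherwise null.
        /// </param>
        /// <returns>
        /// True when the origin is allowed. False, with <c>ErrorMessage</c> set, when the
        /// Origin header is missing, is not an absolute URI, or is not in the allowlist.
        /// </returns>
        public bool TryEvaluate(HttpRequestMessage request, out IDictionary <string, string> headers)
        {
            headers = null;

            // The Origin header is caller-controlled. A missing header or a value that is
            // not an absolute URI (browsers send the literal "null" for opaque origins)
            // is denied here instead of surfacing as an unhandled exception.
            IEnumerable<string> originValues;
            if (request == null || !request.Headers.TryGetValues("Origin", out originValues))
            {
                this.ErrorMessage = "Cross-origin request denied";
                return(false);
            }

            Uri originUri;
            if (!Uri.TryCreate(originValues.FirstOrDefault(), UriKind.Absolute, out originUri))
            {
                this.ErrorMessage = "Cross-origin request denied";
                return(false);
            }

            _Logger.DebugFormat("{0} origin: {1}", AllowOrigins.ToJson(), originUri.Authority);

            // NOTE(review): only the authority is compared, so the scheme is not part of
            // the decision and http/https origins on the same host are treated alike.
            // Confirm that this is intended.
            if (AllowOrigins.Contains(originUri.Authority))
            {
                headers = this.GenerateResponseHeaders(request);
                return(true);
            }

            this.ErrorMessage = "Cross-origin request denied";
            return(false);
        }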
Пример #3
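        /// <summary>
        /// Decides whether a cross-origin request is permitted by looking up the URI
        /// parsed from its Origin header in <c>AllowOrigins</c>.
        /// </summary>
        /// <param name="request">Incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">
        /// Receives the CORS response headers when the origin is allowed; otherwise null.
        /// </param>
        /// <returns>
        /// True when the origin is allowed. False, with <c>ErrorMessage</c> set, when the
        /// Origin header is missing, is not an absolute URI, or is not in the allowlist.
        /// </returns>
        public bool TryEvaluate(HttpRequestMessage request, out IDictionary <string, string> headers)
        {
            headers = null;

            // The Origin header is caller-controlled. A missing header or a value that is
            // not an absolute URI (browsers send the literal "null" for opaque origins)
            // is treated as a denial, so a Try-style method does not throw on bad input.
            IEnumerable<string> originValues;
            Uri originUri = null;
            bool hasOrigin = request.Headers.TryGetValues("Origin", out originValues)
                             && Uri.TryCreate(originValues.FirstOrDefault(), UriKind.Absolute, out originUri);

            if (hasOrigin && AllowOrigins != null && AllowOrigins.Contains(originUri))
            {
                headers = this.GenerateResponseHeaders(request);
                return(true);
            }
            this.ErrorMessage = "Cross-origin request denied";
            return(false);
        }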
Пример #4
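        /// <summary>
        /// Evaluates the CORS policy for a request. A request without an Origin header
        /// is not a cross-origin request and is accepted without adding headers.
        /// </summary>
        /// <param name="request">Incoming request whose Origin header is evaluated.</param>
        /// <param name="headers">
        /// Header collection passed to <c>GenerateResponseHeaders</c> when the origin
        /// is allowed.
        /// </param>
        /// <returns>
        /// True when there is no Origin header or the origin is in <c>AllowOrigins</c>.
        /// False, with <c>ErrorMessage</c> set, when the Origin is not an absolute URI
        /// or is not in the allowlist.
        /// </returns>
        public bool TryEvaluate(HttpRequestMessage request, ref IDictionary <string, string> headers)
        {
            IEnumerable<string> originValues;
            if (!request.Headers.TryGetValues("Origin", out originValues))
            {
                return(true);
            }

            var origin = originValues.FirstOrDefault();

            // The Origin header is caller-controlled. A value that is not an absolute URI
            // (browsers send the literal "null" for opaque origins) is denied instead of
            // raising UriFormatException from the Uri constructor.
            Uri originUri;
            if (Uri.TryCreate(origin, UriKind.Absolute, out originUri) && AllowOrigins.Contains(originUri))
            {
                GenerateResponseHeaders(headers, request, origin);
                return(true);
            }
            ErrorMessage = "Cross-origin request denied";
            return(false);
        }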