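/// <summary>
/// Applies the CORS policy of this filter before the action runs. Requests without an
/// Origin header pass through untouched; requests with one either receive the
/// Access-Control-Allow-* response headers or are rejected with HTTP 403.
/// </summary>
/// <param name="filterContext">Context of the action about to execute.</param>
/// <exception cref="HttpException">
/// Thrown with status 403 when the request carries an Origin that is not allowed.
/// </exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var httpContext = filterContext.HttpContext;
    var origin = httpContext.Request.Headers.Get(CorsConstants.Origin);

    if (origin != null)
    {
        string allowedOrigin;

        if (AllowAnyOrigin)
        {
            // Wildcard policy: every origin may read the response. Browsers do not
            // honour the wildcard for credentialed requests.
            allowedOrigin = CorsConstants.AnyOrigin;
        }
        else if (AllowOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))
        {
            // Ordinal comparison: an origin is a protocol identifier, not linguistic
            // text. Culture-aware comparison can treat strings as equal that differ
            // in ignorable characters, and the matched value is echoed back below.
            allowedOrigin = origin;

            // The response now depends on the request's Origin, so shared caches
            // must key on it; otherwise a response cached for one allowed origin
            // can be served to a request from another.
            httpContext.Response.AppendHeader("Vary", "Origin");
        }
        else
        {
            // The message embeds the request-supplied Origin value; whatever renders
            // or logs this exception has to encode it.
            throw new HttpException((int)HttpStatusCode.Forbidden, $"The origin '{origin}' is not allowed.");
        }

        var responseHeaders = httpContext.Response.Headers;
        responseHeaders[CorsConstants.AccessControlAllowOrigin] = allowedOrigin;
        responseHeaders[CorsConstants.AccessControlAllowMethods] = AllowMethods;
        responseHeaders[CorsConstants.AccessControlAllowHeaders] = AllowHeaders;
    }

    base.OnActionExecuting(filterContext);
}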
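/// <summary>
/// Evaluates the Origin header of <paramref name="request"/> against the allow-list and,
/// when it matches, produces the CORS response headers.
/// </summary>
/// <param name="request">Incoming request whose Origin header is evaluated.</param>
/// <param name="headers">
/// Receives the generated response headers when the origin is allowed; otherwise null.
/// </param>
/// <returns>
/// True when the origin's authority is in <c>AllowOrigins</c>; false when the header is
/// missing, is not an absolute URI, or is not allowed. <c>ErrorMessage</c> is set on denial.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, out IDictionary<string, string> headers)
{
    headers = null;

    // TryGetValues replaces a catch-all around GetValues, so only the expected
    // "header missing" case is treated as a denial and nothing else is swallowed.
    IEnumerable<string> originValues;
    string origin = request != null && request.Headers.TryGetValues("Origin", out originValues)
        ? originValues.FirstOrDefault()
        : null;

    // The header is caller-controlled. Values that are not absolute URIs (for example
    // the literal "null" sent for opaque origins) are denied here instead of surfacing
    // as an unhandled UriFormatException.
    Uri originUri;
    if (origin == null || !Uri.TryCreate(origin, UriKind.Absolute, out originUri))
    {
        this.ErrorMessage = "Cross-origin request denied";
        return false;
    }

    _Logger.DebugFormat("{0} origin: {1}", AllowOrigins.ToJson(), originUri.Authority);

    // NOTE(review): only the authority (host and port) is compared, so the scheme is
    // not part of the decision and an http:// origin matches the same entry as the
    // https:// one. Confirm this is intended.
    if (AllowOrigins.Contains(originUri.Authority))
    {
        headers = this.GenerateResponseHeaders(request);
        return true;
    }

    this.ErrorMessage = "Cross-origin request denied";
    return false;
}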
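/// <summary>
/// Evaluates the Origin header of a request against <c>AllowOrigins</c> and, when it
/// matches, produces the CORS response headers.
/// </summary>
/// <param name="request">Incoming request whose Origin header is evaluated.</param>
/// <param name="headers">
/// Receives the generated response headers when the origin is allowed; otherwise null.
/// </param>
/// <returns>
/// True when the origin is in <c>AllowOrigins</c>; false when the header is missing, is
/// not an absolute URI, or is not allowed. <c>ErrorMessage</c> is set on denial.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, out IDictionary<string, string> headers)
{
    headers = null;

    // The Origin header is caller-controlled. A missing header or a value that is not
    // an absolute URI (such as the literal "null") is denied rather than allowed to
    // throw out of a Try-style method.
    IEnumerable<string> originValues;
    Uri originUri = null;
    bool parsed = request.Headers.TryGetValues("Origin", out originValues)
        && Uri.TryCreate(originValues.FirstOrDefault(), UriKind.Absolute, out originUri);

    // A null allow-list denies every origin.
    if (parsed && AllowOrigins != null && AllowOrigins.Contains(originUri))
    {
        headers = this.GenerateResponseHeaders(request);
        return true;
    }

    this.ErrorMessage = "Cross-origin request denied";
    return false;
}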
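/// <summary>
/// Evaluates the Origin header of a request against <c>AllowOrigins</c> and, when it
/// matches, adds the CORS response headers to <paramref name="headers"/>.
/// </summary>
/// <param name="request">Incoming request whose Origin header is evaluated.</param>
/// <param name="headers">Header collection handed to <c>GenerateResponseHeaders</c>.</param>
/// <returns>
/// True when the request has no Origin header or its origin is in <c>AllowOrigins</c>;
/// false, with <c>ErrorMessage</c> set, when the origin is malformed or not allowed.
/// </returns>
public bool TryEvaluate(HttpRequestMessage request, ref IDictionary<string, string> headers)
{
    // No Origin header: not treated as a cross-origin request, so it passes with no
    // CORS headers added. A true result therefore says nothing about who the caller
    // is and must not stand in for authentication or authorization.
    IEnumerable<string> originValues;
    if (!request.Headers.TryGetValues("Origin", out originValues))
    {
        return true;
    }

    var origin = originValues.FirstOrDefault();

    // The header is caller-controlled; a value that is not an absolute URI (such as
    // the literal "null") is denied instead of throwing UriFormatException. A null
    // allow-list denies every origin.
    Uri originUri;
    if (Uri.TryCreate(origin, UriKind.Absolute, out originUri)
        && AllowOrigins != null
        && AllowOrigins.Contains(originUri))
    {
        // NOTE(review): the raw header string, not the parsed URI, is passed on.
        // Uri equality ignores user info and fragment, so the raw text can differ
        // from the allow-list entry it matched. Confirm how GenerateResponseHeaders
        // uses it.
        GenerateResponseHeaders(headers, request, origin);
        return true;
    }

    ErrorMessage = "Cross-origin request denied";
    return false;
}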