public void GetCorsEngine_ReturnsDefaultCorsEngine() { HttpConfiguration config = new HttpConfiguration(); ICorsEngine corsEngine = config.GetCorsEngine(); Assert.IsType(typeof(CorsEngine), corsEngine); }
private bool TryEvaluateCorsPolicy(CorsRequestContext requestContext, CorsPolicy corsPolicy, out CorsResult corsResult) { ICorsEngine engine = _httpConfiguration.GetCorsEngine(); corsResult = engine.EvaluatePolicy(requestContext, corsPolicy); return(corsResult != null && corsResult.IsValid); }
private static void AddCorsMessageHandler(this HttpConfiguration httpConfiguration) { object corsEnabled; if (!httpConfiguration.Properties.TryGetValue(CorsEnabledKey, out corsEnabled)) { Action <HttpConfiguration> defaultInitializer = httpConfiguration.Initializer; httpConfiguration.Initializer = config => { if (!config.Properties.TryGetValue(CorsEnabledKey, out corsEnabled)) { // Execute this in the Initializer to ensure that the CorsMessageHandler is added last. config.MessageHandlers.Add(new CorsMessageHandler(config)); ITraceWriter traceWriter = config.Services.GetTraceWriter(); if (traceWriter != null) { ICorsPolicyProviderFactory factory = config.GetCorsPolicyProviderFactory(); config.SetCorsPolicyProviderFactory(new CorsPolicyProviderFactoryTracer(factory, traceWriter)); ICorsEngine corsEngine = config.GetCorsEngine(); config.SetCorsEngine(new CorsEngineTracer(corsEngine, traceWriter)); } config.Properties[CorsEnabledKey] = true; } defaultInitializer(config); }; } }
public CorsEngineTracer(ICorsEngine corsEngine, ITraceWriter traceWriter) { Contract.Assert(corsEngine != null); Contract.Assert(traceWriter != null); _innerCorsEngine = corsEngine; _traceWriter = traceWriter; }
public void GetCorsEngine_ReturnsTheCustomCorsEngine() { ICorsEngine mockEngine = new Mock <ICorsEngine>().Object; HttpConfiguration config = new HttpConfiguration(); config.SetCorsEngine(mockEngine); ICorsEngine corsEngine = config.GetCorsEngine(); Assert.Same(mockEngine, corsEngine); }
/// <summary> /// Creates a new instance of CorsMiddleware. /// </summary> /// <param name="next"></param> /// <param name="options"></param> public CorsMiddleware(OwinMiddleware next, CorsOptions options) : base(next) { if (options == null) { throw new ArgumentNullException("options"); } _corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider(); _corsEngine = options.CorsEngine ?? new CorsEngine(); }
/// <summary> /// Sets the <see cref="ICorsEngine"/> on the <see cref="HttpConfiguration"/>. /// </summary> /// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param> /// <param name="corsEngine">The <see cref="ICorsEngine"/>.</param> /// <exception cref="System.ArgumentNullException"> /// httpConfiguration /// or /// corsEngine /// </exception> public static void SetCorsEngine(this HttpConfiguration httpConfiguration, ICorsEngine corsEngine) { if (httpConfiguration == null) { throw new ArgumentNullException("httpConfiguration"); } if (corsEngine == null) { throw new ArgumentNullException("corsEngine"); } httpConfiguration.Properties[CorsEngineKey] = corsEngine; }
public CorsBehavior(IBehaviorChain behaviorChain, ICorsEngine corsEngine, CorsConfiguration corsConfiguration, ActionDescriptor actionDescriptor, HttpRequestMessage requestMessage, IEnumerable <ICorsPolicySource> policySources, Configuration configuration, HttpConfiguration httpConfiguration) : base(behaviorChain) { _configuration = configuration; _httpConfiguration = httpConfiguration; _corsEngine = corsEngine; _corsConfiguration = corsConfiguration; _actionDescriptor = actionDescriptor; _requestMessage = requestMessage; _policySources = policySources; }
/// <summary> /// Creates a new instance of CorsMiddleware. /// </summary> /// <param name="next"></param> /// <param name="options"></param> public CorsMiddleware(AppFunc next, CorsOptions options) { if (next == null) { throw new ArgumentNullException("next"); } if (options == null) { throw new ArgumentNullException("options"); } _next = next; _corsPolicyProvider = options.PolicyProvider ?? new CorsPolicyProvider(); _corsEngine = options.CorsEngine ?? new CorsEngine(); }
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { //根据当前请求创建CorsRequestContext CorsRequestContext context = request.CreateCorsRequestContext(); //针对非预检请求:将请求传递给消息处理管道后续部分继续处理,并得到响应 HttpResponseMessage response = null; if (!context.IsPreflight) { response = await base.SendAsync(request, cancellationToken); } //利用注册的CorsPolicyProviderFactory得到对应的CorsPolicyProvider //借助于CorsPolicyProvider得到表示CORS资源授权策略的CorsPolicy HttpConfiguration configuration = request.GetConfiguration(); CorsPolicy policy = await configuration.GetCorsPolicyProviderFactory().GetCorsPolicyProvider(request).GetCorsPolicyAsync(request, cancellationToken); //获取注册的CorsEngine //利用CorsEngine对请求实施CORS资源授权检验,并得到表示检验结果的CorsResult对象 ICorsEngine engine = configuration.GetCorsEngine(); CorsResult result = engine.EvaluatePolicy(context, policy); //针对预检请求 //如果请求通过授权检验,返回一个状态为“200, OK”的响应并添加CORS报头 //如果授权检验失败,返回一个状态为“400, Bad Request”的响应并指定授权失败原因 if (context.IsPreflight) { if (result.IsValid) { response = new HttpResponseMessage(HttpStatusCode.OK); response.AddCorsHeaders(result); } else { response = request.CreateErrorResponse(HttpStatusCode.BadRequest, string.Join(" |", result.ErrorMessages.ToArray())); } } //针对非预检请求 //CORS报头只有在通过授权检验情况下才会被添加到响应报头集合中 else if (result.IsValid) { response.AddCorsHeaders(result); } return(response); }
public void Setup() { _configuration = new Configuration(); _corsEngine = new CorsEngine(); _corsConfiguration = new CorsConfiguration(); _actionDescriptor = new ActionDescriptor(ActionMethod.From <Handler>(x => x.Get()), null, null, null, null, null, null, null, new TypeCache()); _innerResponse = new HttpResponseMessage(); _behaviorChain = Substitute.For <IBehaviorChain>(); _behaviorChain.InvokeNext().Returns(_innerResponse); _requestMessage = new HttpRequestMessage(); _requestMessage.Headers.Host = "yourmom.com"; _requestMessage.Properties.Add(HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration()); _policySources = new List <ICorsPolicySource>(); _behavior = new CorsBehavior(_behaviorChain, _corsEngine, _corsConfiguration, _actionDescriptor, _requestMessage, _policySources, _configuration, null); }
public DomainLockedApiKeyFilter(IMinistryPlatformRestRepository ministryPlatformRestRepository, ICorsEngine corsEngine, IApiUserRepository apiUserRepository) { _apiKeys = ministryPlatformRestRepository.UsingAuthenticationToken(apiUserRepository.GetToken()).Search <DomainLockedApiKey>(); _corsEngine = corsEngine; }