Пример #1
        /// <summary>
        /// Stores the given CORS policy on this server and hands back the same instance,
        /// so the call can be chained with further configuration.
        /// </summary>
        /// <param name="option">CORS policy to store. It is stored as-is; no validation (including a null check) happens here.</param>
        /// <returns>This server instance.</returns>
        public IServer EnableCors(CorsOption option)
        {
            _corsOption = option;
            return this;
        }
Пример #2
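        /// <summary>
        /// Applies the CORS policy to a request: emits the Access-Control-* response headers for an
        /// allowed origin and answers rejected requests and OPTIONS preflights with an empty body.
        /// </summary>
        /// <param name="corsOption">Configured CORS policy; <c>null</c> means every request carrying an Origin header is refused.</param>
        /// <param name="http">Context of the current request.</param>
        /// <returns>
        /// A task writing an empty body when the request is answered here (no policy, origin not allowed,
        /// or OPTIONS preflight). <c>null</c> when there is no Origin header or the request is an allowed
        /// non-OPTIONS request, so callers must null-check before awaiting.
        /// NOTE(review): presumably <c>null</c> tells the caller to continue normal processing; confirm against the caller.
        /// </returns>
        public static Task Handler(CorsOption corsOption, HttpContext http)
        {
            var req    = http.Request;
            var resp   = http.Response;
            var method = http.Request.Method;

            if (req.Headers.TryGetValue("Origin", out StringValues origin))
            {
                // No CORS policy configured: refuse every cross-origin request.
                if (corsOption == null)
                {
                    // The status is still 200, but without any Access-Control-Allow-* header
                    // the browser fails the request on its side.
                    return resp.WriteAsync("");
                }

                // Check the origin against the policy. FirstOrDefault yields null for an empty
                // Origin header; IsOriginAllow decides what happens with that value.
                var originVal = origin.FirstOrDefault();
                if (!corsOption.IsOriginAllow(originVal))
                {
                    return resp.WriteAsync("");
                }

                var allowAnyOrigin = corsOption.AccessControlAllowOrigins == "*";

                // Access-Control-Allow-Origin is mandatory.
                resp.Headers.Add("Access-Control-Allow-Origin", allowAnyOrigin ? "*" : originVal);
                if (!allowAnyOrigin)
                {
                    // The header value now depends on the request's Origin, so shared caches must key
                    // on it; otherwise a response cached for one origin can be served to another.
                    resp.Headers["Vary"] = StringValues.Concat(resp.Headers["Vary"], "Origin");
                }

                // Access-Control-Allow-Credentials is optional. Browsers reject credentialed responses
                // whose Access-Control-Allow-Origin is "*", so the header is only sent with a concrete
                // origin. Do not "fix" the wildcard case by echoing the origin: that would let any site
                // make credentialed requests.
                if (corsOption.AccessControlAllowCredentials && !allowAnyOrigin)
                {
                    resp.Headers.Add("Access-Control-Allow-Credentials", "true");
                }

                // Access-Control-Expose-Headers is optional.
                if (!string.IsNullOrEmpty(corsOption.AccessControlExposeHeaders))
                {
                    resp.Headers.Add("Access-Control-Expose-Headers",
                                     corsOption.AccessControlExposeHeaders);
                }

                if (method == "OPTIONS")
                {
                    // Preflight for a non-simple request.
                    if (req.Headers.TryGetValue("Access-Control-Request-Method",
                                                out StringValues accessMethods))
                    {
                        var accessMethodVal = accessMethods.FirstOrDefault();
                        if (corsOption.IsMethodAllow(accessMethodVal))
                        {
                            // Access-Control-Allow-Methods is mandatory for a non-simple request.
                            resp.Headers.Add("Access-Control-Allow-Methods",
                                             corsOption.AccessControlAllowMethods);
                        }
                    }

                    if (req.Headers.TryGetValue("Access-Control-Request-Headers", out StringValues accessHeaders))
                    {
                        var accessHeaderVal = accessHeaders.FirstOrDefault();
                        if (corsOption.IsHeaderAllow(accessHeaderVal))
                        {
                            // When Access-Control-Request-Headers is present, Access-Control-Allow-Headers is mandatory.
                            resp.Headers.Add("Access-Control-Allow-Headers", corsOption.AccessControlAllowHeaders);
                        }
                    }

                    // Access-Control-Max-Age is optional.
                    if (corsOption.AccessControlMaxAge.HasValue)
                    {
                        resp.Headers.Add("Access-Control-Max-Age", corsOption.AccessControlMaxAge.ToString());
                    }

                    // An OPTIONS preflight is answered right here.
                    return resp.WriteAsync("");
                }
            }

            // Not answered here: no Origin header, or an allowed non-OPTIONS request.
            return null;
        }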