protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            //根据当前请求创建CorsRequestContext
            CorsRequestContext context = request.CreateCorsRequestContext();

            //针对非预检请求:将请求传递给消息处理管道后续部分继续处理,并得到响应
            HttpResponseMessage response = null;
            if (!context.IsPreflight)
            {
                response = await base.SendAsync(request, cancellationToken);
            }

            //利用注册的CorsPolicyProviderFactory得到对应的CorsPolicyProvider
            //借助于CorsPolicyProvider得到表示CORS资源授权策略的CorsPolicy
            HttpConfiguration configuration = request.GetConfiguration();
            CorsPolicy policy = await configuration.GetCorsPolicyProviderFactory().GetCorsPolicyProvider(request).GetCorsPolicyAsync(request, cancellationToken);

            //获取注册的CorsEngine
            //利用CorsEngine对请求实施CORS资源授权检验,并得到表示检验结果的CorsResult对象
            ICorsEngine engine = configuration.GetCorsEngine();
            CorsResult result = engine.EvaluatePolicy(context, policy);

            //针对预检请求
            //如果请求通过授权检验,返回一个状态为“200, OK”的响应并添加CORS报头
            //如果授权检验失败,返回一个状态为“400, Bad Request”的响应并指定授权失败原因
            if (context.IsPreflight)
            {
                if (result.IsValid)
                {
                    response = new HttpResponseMessage(HttpStatusCode.OK);
                    response.AddCorsHeaders(result);
                }
                else
                {
                    response = request.CreateErrorResponse(HttpStatusCode.BadRequest, string.Join(" |", result.ErrorMessages.ToArray()));
                }
            }
            //针对非预检请求
            //CORS报头只有在通过授权检验情况下才会被添加到响应报头集合中
            else if (result.IsValid)
            {
                response.AddCorsHeaders(result);
            }
            return response;
        }