private void AddCacheDuration(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.CacheDuration.HasValue && configEntry.CacheDuration.Value > 0)
{
response.ResponseCacheDurationSeconds = configEntry.CacheDuration;
}
}
private CorsAccessResponse CalculateResponse(
CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
CorsAccessResponse response = new CorsAccessResponse();
if (configEntry != null)
{
if (CheckOrigin(accessRequest, configEntry))
{
if (accessRequest.IsCorsSimple)
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddExposedHeaders(configEntry, response);
}
else if (accessRequest.IsCorsPreflight)
{
if (CheckMethods(accessRequest, configEntry) &&
CheckRequestHeaders(accessRequest, configEntry))
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddCacheDuration(configEntry, response);
AddAllowedMethods(accessRequest, configEntry, response);
AddAllowedRequestHeaders(accessRequest, configEntry, response);
}
}
}
}
return(response);
}
private CorsAccessResponse CalculateResponse(
CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
CorsAccessResponse response = new CorsAccessResponse();
if (configEntry != null)
{
if (CheckOrigin(accessRequest, configEntry))
{
if (accessRequest.IsCorsSimple)
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddExposedHeaders(configEntry, response);
}
else if (accessRequest.IsCorsPreflight)
{
if (CheckMethods(accessRequest, configEntry)
&& CheckRequestHeaders(accessRequest, configEntry))
{
AddOrigin(accessRequest, configEntry, response);
AddCookies(configEntry, response);
AddCacheDuration(configEntry, response);
AddAllowedMethods(accessRequest, configEntry, response);
AddAllowedRequestHeaders(accessRequest, configEntry, response);
}
}
}
}
return response;
}
private void AddExposedHeaders(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var exposedHeaders = configEntry.ResponseHeaders.RemoveSimpleResponseHeaders();
if (exposedHeaders.Any())
{
response.AllowedResponseHeaders = exposedHeaders;
}
}
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.AllowAnyOrigin)
{
if (configEntry.AllowCookies == true)
{
response.OriginAllowed = accessRequest.Origin;
}
else
{
response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
}
}
else
{
response.OriginAllowed = accessRequest.Origin;
}
}
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (!accessRequest.RequestedMethod.IsSimpleMethod())
{
if (configEntry.AllowAllMethods)
{
response.AllowedMethods = CorsConstants.NotSimpleMethods;
}
else
{
response.AllowedMethods = configEntry.Methods.Select(x => x.ToUpper()).ToArray();
}
}
}
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
if (requestedHeaders.Any())
{
if (configEntry.AllowAllRequestedHeaders)
{
response.AllowedRequestHeaders = requestedHeaders;
}
else
{
response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
}
}
var simpleRequestedHeaders = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
if (simpleRequestedHeaders.Any())
{
// chrome asks for things like "Origin" and "Accept", so placate them
response.AllowedRequestHeaders = simpleRequestedHeaders.Union(response.AllowedRequestHeaders ?? Enumerable.Empty <string>()).Distinct();
}
}
private static void AddCookies(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
response.AreCookiesAllowed = configEntry.AllowCookies;
}
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.AllowAnyOrigin)
{
if (configEntry.AllowCookies == true)
{
response.OriginAllowed = accessRequest.Origin;
}
else
{
response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
}
}
else
{
response.OriginAllowed = accessRequest.Origin;
}
}
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (!accessRequest.RequestedMethod.IsSimpleMethod())
{
if (configEntry.AllowAllMethods)
{
response.AllowedMethods = CorsConstants.NotSimpleMethods;
}
else
{
response.AllowedMethods = configEntry.Methods.Select(x=>x.ToUpper()).ToArray();
}
}
}
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
if (requestedHeaders.Any())
{
if (configEntry.AllowAllRequestedHeaders)
{
response.AllowedRequestHeaders = requestedHeaders;
}
else
{
response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
}
}
var simpleRequestedHeaders = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
if (simpleRequestedHeaders.Any())
{
// chrome asks for things like "Origin" and "Accept", so placate them
response.AllowedRequestHeaders = simpleRequestedHeaders.Union(response.AllowedRequestHeaders ?? Enumerable.Empty<string>()).Distinct();
}
}
private void AddCacheDuration(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
if (configEntry.CacheDuration.HasValue && configEntry.CacheDuration.Value > 0)
{
response.ResponseCacheDurationSeconds = configEntry.CacheDuration;
}
}
private void AddExposedHeaders(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
var exposedHeaders = configEntry.ResponseHeaders.RemoveSimpleResponseHeaders();
if (exposedHeaders.Any())
{
response.AllowedResponseHeaders = exposedHeaders;
}
}
private static void AddCookies(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
response.AreCookiesAllowed = configEntry.AllowCookies;
}
