private async Task <bool> IsOriginAllowed(CorsPolicy policy, StringValues origin)
{
if (StringValues.IsNullOrEmpty(origin))
{
return(false);
}
return(policy.AllowAnyOrigin ||
policy.IsOriginAllowed(origin) ||
await _dynamicCorsPolicyResolver.ResolveForOrigin(origin));
}
private bool IsOriginAllowed(CorsPolicy policy, StringValues origin)
{
if (StringValues.IsNullOrEmpty(origin))
{
return(false);
}
if (policy.AllowAnyOrigin || policy.IsOriginAllowed(origin))
{
return(true);
}
return(false);
}
private static bool IsOriginAllowed(CorsPolicy policy, string origin)
{
if (string.IsNullOrEmpty(origin))
{
//does not have origin header
return(false);
}
if (policy.AllowAnyOrigin || policy.IsOriginAllowed(origin))
{
return(true);
}
//policy failure
//origin not allowed
return(false);
}
private bool IsOriginAllowed(CorsPolicy policy, StringValues origin)
{
if (StringValues.IsNullOrEmpty(origin))
{
_logger.RequestDoesNotHaveOriginHeader();
return(false);
}
var originString = origin.ToString();
_logger.RequestHasOriginHeader(originString);
if (policy.AllowAnyOrigin || policy.IsOriginAllowed(originString))
{
_logger.PolicySuccess();
return(true);
}
_logger.PolicyFailure();
_logger.OriginNotAllowed(originString);
return(false);
}
private static void AddOriginToResult(string origin, CorsPolicy policy, CorsResult result)
{
if (policy.AllowAnyOrigin)
{
if (policy.SupportCredentials)
{
result.AllowedOrigin = origin;
result.VaryByOrigin = true;
}
else
{
result.AllowedOrigin = CorsConstants.AnyOrigin;
}
}
else if (policy.IsOriginAllowed(origin))
{
result.AllowedOrigin = origin;
if (policy.Origins.Count > 1)
{
result.VaryByOrigin = true;
}
}
}