internal void ValidateIfRedirect(HttpContextBase context) { if (!Config.Enabled) { return; } var response = context.Response; if (!_redirectValidator.IsRedirectStatusCode(response.StatusCode)) { return; } var redirectLocation = response.RedirectLocation; if (String.IsNullOrEmpty(redirectLocation)) { redirectLocation = response.Headers["Location"]; if (String.IsNullOrEmpty(redirectLocation)) { throw new Exception(String.Format("Response had statuscode {0}, but Location header was null or the empty string.", response.StatusCode)); } } var requestUri = context.Request.Url; if (requestUri == null) { throw new Exception("The current request's url was null."); } _redirectValidator.ValidateRedirect(context.Response.StatusCode, redirectLocation, requestUri, Config); }
internal override void PostInvokeNext(HttpContext context) { var statusCode = context.Response.StatusCode; if (!_redirectValidator.IsRedirectStatusCode(statusCode)) { return; } var scheme = context.Request.Scheme; var hostandport = context.Request.Host; var requestUri = new Uri(scheme + "://" + hostandport); _redirectValidator.ValidateRedirect(statusCode, context.Response.Headers["Location"], requestUri, _config); }
internal override void PostInvokeNext(OwinEnvironment environment) { var statusCode = environment.ResponseStatusCode; if (!_redirectValidator.IsRedirectStatusCode(statusCode)) { return; } var scheme = environment.RequestScheme; var hostandport = environment.RequestHeaders.Host; var requestUri = new Uri(scheme + "://" + hostandport); _redirectValidator.ValidateRedirect(statusCode, environment.ResponseHeaders.Location, requestUri, _config); }
public void ValidateRedirect_DisabledAndRedirect_NoException() { const int statusCode = 302; const string location = "http://evilsite.com"; var config = new RedirectValidationConfiguration { Enabled = false }; _redirectValidator.ValidateRedirect(statusCode, location, RequestUriHttps, config); }