/// <inheritdoc /> public CorsResult EvaluatePolicy([NotNull] HttpContext context, [NotNull] CorsPolicy policy) { var corsResult = new CorsResult(); var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod); if (string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.Ordinal) && accessControlRequestMethod != null) { EvaluatePreflightRequest(context, policy, corsResult); } else { EvaluateRequest(context, policy, corsResult); } return(corsResult); }
private void AddOriginToResult(string origin, CorsPolicy policy, CorsResult result) { if (policy.AllowAnyOrigin) { if (policy.SupportsCredentials) { result.AllowedOrigin = origin; result.VaryByOrigin = true; } else { result.AllowedOrigin = CorsConstants.AnyOrigin; } } else if (policy.Origins.Contains(origin)) { result.AllowedOrigin = origin; } }
/// <inheritdoc /> public virtual void ApplyResult(CorsResult result, HttpResponse response) { var headers = response.Headers; if (result.AllowedOrigin != null) { headers.Add(CorsConstants.AccessControlAllowOrigin, new[] { result.AllowedOrigin }); } if (result.VaryByOrigin) { headers.Set("Vary", "Origin"); } if (result.SupportsCredentials) { headers.Add(CorsConstants.AccessControlAllowCredentials, new[] { "true" }); } if (result.AllowedMethods.Count > 0) { // Filter out simple methods var nonSimpleAllowMethods = result.AllowedMethods .Where(m => !CorsConstants.SimpleMethods.Contains(m, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowMethods.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlAllowMethods, nonSimpleAllowMethods); } } if (result.AllowedHeaders.Count > 0) { // Filter out simple request headers var nonSimpleAllowRequestHeaders = result.AllowedHeaders .Where(header => !CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowRequestHeaders.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlAllowHeaders, nonSimpleAllowRequestHeaders); } } if (result.AllowedExposedHeaders.Count > 0) { // Filter out simple response headers var nonSimpleAllowResponseHeaders = result.AllowedExposedHeaders .Where(header => !CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowResponseHeaders.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlExposeHeaders, nonSimpleAllowResponseHeaders); } } if (result.PreflightMaxAge.HasValue) { headers.Set( CorsConstants.AccessControlMaxAge, result.PreflightMaxAge.Value.TotalSeconds.ToString()); } }
public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result) { var origin = context.Request.Headers.Get(CorsConstants.Origin); if (origin == null || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin)) { return; } AddOriginToResult(origin, policy, result); result.SupportsCredentials = policy.SupportsCredentials; AddHeaderValues(result.AllowedExposedHeaders, policy.ExposedHeaders); }
public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy policy, CorsResult result) { var origin = context.Request.Headers.Get(CorsConstants.Origin); if (origin == null || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin)) { return; } var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod); if (accessControlRequestMethod == null) { return; } var requestHeaders = context.Request.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders); if (!policy.AllowAnyMethod && !policy.Methods.Contains(accessControlRequestMethod)) { return; } if (!policy.AllowAnyHeader && requestHeaders != null && !requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal))) { return; } AddOriginToResult(origin, policy, result); result.SupportsCredentials = policy.SupportsCredentials; result.PreflightMaxAge = policy.PreflightMaxAge; result.AllowedMethods.Add(accessControlRequestMethod); AddHeaderValues(result.AllowedHeaders, requestHeaders); }
/// <inheritdoc /> public CorsResult EvaluatePolicy([NotNull] HttpContext context, [NotNull] CorsPolicy policy) { var corsResult = new CorsResult(); var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod); if (string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.Ordinal) && accessControlRequestMethod != null) { EvaluatePreflightRequest(context, policy, corsResult); } else { EvaluateRequest(context, policy, corsResult); } return corsResult; }
private CorsResult GetCorsResult( string origin = null, IList<string> headers = null, IList<string> methods = null, IList<string> exposedHeaders = null, long? preFlightMaxAge = null, bool? supportsCredentials = null) { var result = new CorsResult(); if (origin != null) { result.AllowedOrigin = origin; } if (headers != null) { AddRange(result.AllowedHeaders, headers); } if (methods != null) { AddRange(result.AllowedMethods, methods); } if (exposedHeaders != null) { AddRange(result.AllowedExposedHeaders, exposedHeaders); } if (preFlightMaxAge != null) { result.PreflightMaxAge = TimeSpan.FromSeconds(preFlightMaxAge.Value); } if (supportsCredentials != null) { result.SupportsCredentials = supportsCredentials.Value; } return result; }
/// <inheritdoc /> public virtual void ApplyResult(CorsResult result, HttpResponse response) { if (result == null) { throw new ArgumentNullException(nameof(result)); } if (response == null) { throw new ArgumentNullException(nameof(response)); } var headers = response.Headers; if (result.AllowedOrigin != null) { headers[CorsConstants.AccessControlAllowOrigin] = result.AllowedOrigin; } if (result.VaryByOrigin) { headers["Vary"] = "Origin"; } if (result.SupportsCredentials) { headers[CorsConstants.AccessControlAllowCredentials] = "true"; } if (result.AllowedMethods.Count > 0) { // Filter out simple methods var nonSimpleAllowMethods = result.AllowedMethods .Where(m => !CorsConstants.SimpleMethods.Contains(m, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowMethods.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlAllowMethods, nonSimpleAllowMethods); } } if (result.AllowedHeaders.Count > 0) { // Filter out simple request headers var nonSimpleAllowRequestHeaders = result.AllowedHeaders .Where(header => !CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowRequestHeaders.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlAllowHeaders, nonSimpleAllowRequestHeaders); } } if (result.AllowedExposedHeaders.Count > 0) { // Filter out simple response headers var nonSimpleAllowResponseHeaders = result.AllowedExposedHeaders .Where(header => !CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase)) .ToArray(); if (nonSimpleAllowResponseHeaders.Length > 0) { headers.SetCommaSeparatedValues( CorsConstants.AccessControlExposeHeaders, nonSimpleAllowResponseHeaders); } } if (result.PreflightMaxAge.HasValue) { headers[CorsConstants.AccessControlMaxAge] = result.PreflightMaxAge.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture); } }
/// <inheritdoc /> public CorsResult EvaluatePolicy(HttpContext context, CorsPolicy policy) { if (context == null) { throw new ArgumentNullException(nameof(context)); } if (policy == null) { throw new ArgumentNullException(nameof(policy)); } var corsResult = new CorsResult(); var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod]; if (string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.Ordinal) && !StringValues.IsNullOrEmpty(accessControlRequestMethod)) { EvaluatePreflightRequest(context, policy, corsResult); } else { EvaluateRequest(context, policy, corsResult); } return corsResult; }