/// <summary>
/// Builds the CORS response for a request from the configuration entry selected for it.
/// </summary>
/// <param name="accessRequest">The incoming request being evaluated.</param>
/// <param name="configEntry">The matching configuration entry, or <c>null</c> when none was found.</param>
/// <returns>
/// A response object that is never <c>null</c>. Nothing is added to it when there is no entry,
/// when the origin check fails, when the request is neither simple nor preflight, or when a
/// preflight asks for a method or header the entry does not permit.
/// </returns>
private CorsAccessResponse CalculateResponse(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    var result = new CorsAccessResponse();

    // Deny paths leave the response untouched, so no grant is emitted by default.
    if (configEntry == null || !CheckOrigin(accessRequest, configEntry))
    {
        return result;
    }

    if (accessRequest.IsCorsSimple)
    {
        AddOrigin(accessRequest, configEntry, result);
        AddCookies(configEntry, result);
        AddExposedHeaders(configEntry, result);
        return result;
    }

    if (!accessRequest.IsCorsPreflight)
    {
        return result;
    }

    // A preflight is answered only when both the requested method and the requested headers pass.
    if (CheckMethods(accessRequest, configEntry) && CheckRequestHeaders(accessRequest, configEntry))
    {
        AddOrigin(accessRequest, configEntry, result);
        AddCookies(configEntry, result);
        AddCacheDuration(configEntry, result);
        AddAllowedMethods(accessRequest, configEntry, result);
        AddAllowedRequestHeaders(accessRequest, configEntry, result);
    }

    return result;
}
/// <summary>
/// Computes what the CORS response may grant for <paramref name="accessRequest"/>.
/// </summary>
/// <param name="accessRequest">The incoming request being evaluated.</param>
/// <param name="configEntry">The configuration entry chosen for the request; may be <c>null</c>.</param>
/// <returns>
/// A freshly constructed response. It is populated only for a simple request whose origin passes,
/// or for a preflight whose origin, method and requested headers all pass.
/// </returns>
private CorsAccessResponse CalculateResponse(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    var outcome = new CorsAccessResponse();

    // The origin gate comes first: without it neither branch below may add anything.
    bool originAccepted = configEntry != null && CheckOrigin(accessRequest, configEntry);
    if (originAccepted)
    {
        if (accessRequest.IsCorsSimple)
        {
            AddOrigin(accessRequest, configEntry, outcome);
            AddCookies(configEntry, outcome);
            AddExposedHeaders(configEntry, outcome);
        }
        else if (accessRequest.IsCorsPreflight
            && CheckMethods(accessRequest, configEntry)
            && CheckRequestHeaders(accessRequest, configEntry))
        {
            AddOrigin(accessRequest, configEntry, outcome);
            AddCookies(configEntry, outcome);
            AddCacheDuration(configEntry, outcome);
            AddAllowedMethods(accessRequest, configEntry, outcome);
            AddAllowedRequestHeaders(accessRequest, configEntry, outcome);
        }
    }

    return outcome;
}
/// <summary>
/// Looks up the static configuration entry for a request, then lets the optional
/// <c>StaticConfigurationAccessFilter</c> override or veto it.
/// </summary>
/// <param name="accessRequest">The request whose resource and origin drive the lookup.</param>
/// <returns>
/// The entry to apply, or <c>null</c> when nothing matched or the filter returned <c>null</c>.
/// </returns>
/// <remarks>
/// NOTE(review): a filter veto and "no static entry" both come back as <c>null</c>, and
/// GetConfigurationEntryForRequest consults the dynamic callback whenever this method returns
/// <c>null</c>. A deny from the filter can therefore still be overridden dynamically; confirm
/// that this is intended.
/// </remarks>
private CorsConfigurationEntry GetEntryFromStaticConfiguration(CorsAccessRequest accessRequest)
{
    // Most specific match wins; wildcard entries are only reached when nothing narrower exists.
    var match = FindByResourceAndOrigin(accessRequest.Resource, accessRequest.Origin)
        ?? FindByResourceAnyOrigin(accessRequest.Resource)
        ?? FindAnyResourceByOrigin(accessRequest.Origin)
        ?? FindAnyResourceForAnyOrigin();

    if (match == null || StaticConfigurationAccessFilter == null)
    {
        return match;
    }

    // The filter is handed a clone, presumably so it cannot alter the stored entry.
    var snapshot = match.Clone();
    var filtered = StaticConfigurationAccessFilter(accessRequest, snapshot);

    // A null answer from the filter means the origin is not allowed.
    return filtered == null ? null : filtered.EntryFromAllowProperties(accessRequest);
}
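/// <summary>
/// Decides whether the method named in a preflight request is permitted by the entry.
/// </summary>
/// <param name="accessRequest">The preflight request; its <c>RequestedMethod</c> is compared as received.</param>
/// <param name="configEntry">The entry holding either the allow-all flag or the list of methods.</param>
/// <returns><c>true</c> when all methods are allowed or the requested method is in the configured list.</returns>
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllMethods)
    {
        return true;
    }

    var requestedMethod = accessRequest.RequestedMethod;

    // Configured names are upper-cased with the invariant culture. The culture-sensitive
    // ToUpper() turns 'i' into U+0130 under tr/az cultures, so a configured "options" would
    // never equal "OPTIONS" and the preflight would be refused depending on server locale.
    // The requested method itself is not case-folded here.
    return configEntry.Methods
        .Select(x => x.ToUpperInvariant())
        .Contains(requestedMethod);
}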
/// <summary>
/// Asks the optional <c>DynamicConfigurationCallback</c> what to allow for this request.
/// </summary>
/// <param name="accessRequest">The request handed to the callback unchanged.</param>
/// <returns>The callback's answer, or <c>null</c> when no callback is registered.</returns>
/// <remarks>
/// NOTE(review): on this path the callback's answer is the authorization decision, so the
/// callback should treat the origin carried by the request as caller-supplied input.
/// </remarks>
private CorsConfigurationAllowProperties GetEntryFromDynamicConfiguration(CorsAccessRequest accessRequest)
{
    if (DynamicConfigurationCallback == null)
    {
        return null;
    }

    return DynamicConfigurationCallback(accessRequest);
}
/// <summary>
/// Entry point: evaluates a request against the CORS configuration.
/// </summary>
/// <param name="accessRequest">The request to evaluate.</param>
/// <returns>
/// <c>null</c> when the request is not a CORS request; otherwise the response produced by
/// <c>CalculateResponse</c>, which may carry no grants at all.
/// </returns>
public CorsAccessResponse CheckAccess(CorsAccessRequest accessRequest)
{
    if (accessRequest.IsCors)
    {
        var matchedEntry = configuration.GetConfigurationEntryForRequest(accessRequest);
        return CalculateResponse(accessRequest, matchedEntry);
    }

    // Non-CORS requests are not evaluated at all.
    return null;
}
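/// <summary>
/// Decides whether every non-simple header named in a preflight request is permitted.
/// </summary>
/// <param name="accessRequest">The preflight request carrying the requested header names.</param>
/// <param name="configEntry">The entry holding either the allow-all flag or the allowed header names.</param>
/// <returns>
/// <c>true</c> when all requested headers are allowed by flag, or when each requested non-simple
/// header appears (case-insensitively) in the configured list.
/// </returns>
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllRequestedHeaders)
    {
        return true;
    }

    var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();

    // The requested headers must all be in the allowed list. Except() asks exactly that.
    // Comparing Intersect().Count() with the requested Count() refused a preflight that named
    // the same header twice (or in two casings), because Intersect() de-duplicates its output.
    return !requestedHeaders.Except(allowedHeaders, StringComparer.OrdinalIgnoreCase).Any();
}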
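/// <summary>
/// Checks the method requested by a preflight against the entry's allowed methods.
/// </summary>
/// <param name="accessRequest">The preflight request; <c>RequestedMethod</c> is used as received.</param>
/// <param name="configEntry">The entry supplying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <returns><c>true</c> when the entry allows every method or lists the requested one.</returns>
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllMethods)
    {
        return true;
    }

    // ToUpperInvariant rather than ToUpper: under tr/az cultures the culture-sensitive call
    // upper-cases 'i' to U+0130, so "options" in configuration would stop matching "OPTIONS"
    // and the decision would depend on the server's locale.
    var configuredMethods = configEntry.Methods.Select(x => x.ToUpperInvariant());
    var requestedMethod = accessRequest.RequestedMethod;

    return configuredMethods.Contains(requestedMethod);
}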
/// <summary>
/// Resolves the configuration entry for a request: static configuration first, then the
/// dynamic callback.
/// </summary>
/// <param name="accessRequest">The request being resolved.</param>
/// <returns>The entry to apply, or <c>null</c> when neither source produced one.</returns>
/// <remarks>
/// NOTE(review): the dynamic callback runs whenever the static lookup yields <c>null</c>. That
/// includes the case where GetEntryFromStaticConfiguration found an entry but its access filter
/// returned <c>null</c> to refuse the origin, so a static refusal does not stop a dynamic
/// allow. Confirm this precedence is intended.
/// </remarks>
internal CorsConfigurationEntry GetConfigurationEntryForRequest(CorsAccessRequest accessRequest)
{
    var fromStatic = GetEntryFromStaticConfiguration(accessRequest);
    if (fromStatic != null)
    {
        return fromStatic;
    }

    var dynamicProperties = GetEntryFromDynamicConfiguration(accessRequest);
    if (dynamicProperties == null)
    {
        return null;
    }

    return dynamicProperties.EntryFromAllowProperties(accessRequest);
}
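/// <summary>
/// Sets <c>response.AllowedMethods</c> for a preflight whose requested method is not a simple method.
/// </summary>
/// <param name="accessRequest">The preflight request.</param>
/// <param name="configEntry">The entry supplying the allow-all flag or the method list.</param>
/// <param name="response">The response being built; left untouched for simple methods.</param>
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    if (accessRequest.RequestedMethod.IsSimpleMethod())
    {
        return;
    }

    if (configEntry.AllowAllMethods)
    {
        response.AllowedMethods = CorsConstants.NotSimpleMethods;
    }
    else
    {
        // Invariant upper-casing keeps the advertised names independent of the server's
        // locale; the culture-sensitive ToUpper() would emit "OPTİONS" for "options" under
        // tr/az cultures.
        response.AllowedMethods = configEntry.Methods.Select(x => x.ToUpperInvariant()).ToArray();
    }
}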
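/// <summary>
/// Checks the non-simple headers requested by a preflight against the entry's allowed headers.
/// </summary>
/// <param name="accessRequest">The preflight request carrying the requested header names.</param>
/// <param name="configEntry">The entry supplying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <returns>
/// <c>true</c> when the entry allows every requested header, or when no requested non-simple
/// header is missing from the configured list (names compared case-insensitively).
/// </returns>
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllRequestedHeaders)
    {
        return true;
    }

    var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();

    // Any requested header outside the allowed list fails the check. The earlier count
    // comparison on Intersect() also failed for a repeated header name, because Intersect()
    // returns each name once while the requested Count() kept the duplicates.
    var notAllowed = requestedHeaders.Except(allowedHeaders, StringComparer.OrdinalIgnoreCase);
    return !notAllowed.Any();
}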
/// <summary>
/// Sets <c>response.OriginAllowed</c>: the wildcard constant for an any-origin entry without
/// cookies, otherwise the origin the request presented.
/// </summary>
/// <param name="accessRequest">The request whose <c>Origin</c> may be echoed back.</param>
/// <param name="configEntry">The entry supplying <c>AllowAnyOrigin</c> and <c>AllowCookies</c>.</param>
/// <param name="response">The response being built.</param>
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    if (!configEntry.AllowAnyOrigin)
    {
        response.OriginAllowed = accessRequest.Origin;
        return;
    }

    if (configEntry.AllowCookies == true)
    {
        // SECURITY: any-origin plus cookies echoes whatever origin the caller sent, which
        // extends credentialed access to every origin. Entries combining the two flags
        // deserve review. NOTE(review): the value now varies per request; confirm the
        // response also carries "Vary: Origin" so caches do not reuse it across origins.
        response.OriginAllowed = accessRequest.Origin;
    }
    else
    {
        response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
    }
}
/// <summary>
/// Converts allow-properties returned by a filter or callback into a configuration entry
/// scoped to the current request.
/// </summary>
/// <param name="other">The allow-properties to copy from.</param>
/// <param name="accessRequest">The request whose resource and origin the entry is bound to.</param>
/// <returns>A new entry with its own array copies of the method and header lists.</returns>
/// <remarks>
/// <c>Origin</c> is taken from the request itself, so a later comparison of the request origin
/// with this entry's origin succeeds by construction. Whoever produced <paramref name="other"/>
/// has in effect already approved the origin.
/// </remarks>
internal static CorsConfigurationEntry EntryFromAllowProperties(this CorsConfigurationAllowProperties other, CorsAccessRequest accessRequest)
{
    // Copy the lists so the entry does not share them with the source object.
    var methodsCopy = other.Methods.ToArray();
    var requestHeadersCopy = other.RequestHeaders.ToArray();
    var responseHeadersCopy = other.ResponseHeaders.ToArray();

    var entry = new CorsConfigurationEntry
    {
        AllResources = false,
        Resource = accessRequest.Resource,
        Origin = accessRequest.Origin,
        AllowAllMethods = other.AllowAllMethods,
        AllowAllRequestedHeaders = other.AllowAllRequestedHeaders,
        AllowAnyOrigin = other.AllowAnyOrigin,
        AllowCookies = other.AllowCookies,
        Methods = methodsCopy,
        RequestHeaders = requestHeadersCopy,
        ResponseHeaders = responseHeadersCopy,
        CacheDuration = other.CacheDuration
    };

    return entry;
}
/// <summary>
/// Sets <c>response.AllowedRequestHeaders</c> for a preflight from the entry and the headers
/// the request asked for.
/// </summary>
/// <param name="accessRequest">The preflight request carrying the requested header names.</param>
/// <param name="configEntry">The entry supplying the allow-all flag or the allowed header list.</param>
/// <param name="response">The response being built.</param>
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var nonSimpleRequested = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    if (nonSimpleRequested.Any())
    {
        if (!configEntry.AllowAllRequestedHeaders)
        {
            response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
        }
        else
        {
            // Allow-all echoes back exactly the names the caller asked for.
            response.AllowedRequestHeaders = nonSimpleRequested;
        }
    }

    var simpleRequested = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
    if (!simpleRequested.Any())
    {
        return;
    }

    // Chrome asks for things like "Origin" and "Accept", so include the simple headers it named.
    // The merge below uses the default comparer, unlike the case-insensitive Intersect above.
    var alreadyAllowed = response.AllowedRequestHeaders ?? Enumerable.Empty<string>();
    response.AllowedRequestHeaders = simpleRequested.Union(alreadyAllowed).Distinct();
}
/// <summary>
/// Fills <c>response.AllowedRequestHeaders</c> for a preflight request.
/// </summary>
/// <param name="accessRequest">The preflight request carrying the requested header names.</param>
/// <param name="configEntry">The entry supplying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <param name="response">The response being built; unchanged when the request named no headers that apply.</param>
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    // Step 1: non-simple headers. Either echo the request (allow-all) or publish the configured list.
    var requestedNonSimple = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    bool anyNonSimple = requestedNonSimple.Any();
    if (anyNonSimple && configEntry.AllowAllRequestedHeaders)
    {
        response.AllowedRequestHeaders = requestedNonSimple;
    }
    else if (anyNonSimple)
    {
        response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
    }

    // Step 2: simple headers the client listed anyway (Chrome sends e.g. "Origin" and "Accept")
    // are added in front of whatever step 1 produced.
    var requestedSimple = accessRequest.RequestedHeaders.Intersect(CorsConstants.SimpleRequestHeaders, StringComparer.OrdinalIgnoreCase);
    if (requestedSimple.Any())
    {
        var current = response.AllowedRequestHeaders ?? Enumerable.Empty<string>();
        response.AllowedRequestHeaders = requestedSimple.Union(current).Distinct();
    }
}
/// <summary>
/// Evaluates a request against the CORS configuration and returns what may be granted.
/// </summary>
/// <param name="accessRequest">The request to evaluate.</param>
/// <returns>
/// <c>null</c> for a request that is not a CORS request; otherwise the result of
/// <c>CalculateResponse</c> for the entry the configuration selected (possibly none).
/// </returns>
public CorsAccessResponse CheckAccess(CorsAccessRequest accessRequest)
{
    bool isCorsRequest = accessRequest.IsCors;
    if (!isCorsRequest)
    {
        return null;
    }

    var selectedEntry = configuration.GetConfigurationEntryForRequest(accessRequest);
    var computed = CalculateResponse(accessRequest, selectedEntry);
    return computed;
}
/// <summary>
/// Delegates to <c>DynamicConfigurationCallback</c> when one is registered.
/// </summary>
/// <param name="accessRequest">The request passed to the callback as-is.</param>
/// <returns>Whatever the callback returns, or <c>null</c> when there is no callback.</returns>
/// <remarks>
/// NOTE(review): the callback decides what is allowed on this path; it should treat the
/// request's origin as caller-supplied input.
/// </remarks>
private CorsConfigurationAllowProperties GetEntryFromDynamicConfiguration(CorsAccessRequest accessRequest)
{
    return DynamicConfigurationCallback != null
        ? DynamicConfigurationCallback(accessRequest)
        : null;
}
/// <summary>
/// Finds the static configuration entry for a request and applies the optional
/// <c>StaticConfigurationAccessFilter</c> to it.
/// </summary>
/// <param name="accessRequest">The request whose resource and origin are looked up.</param>
/// <returns>
/// The entry to use; <c>null</c> when no entry matched or when the filter returned <c>null</c>.
/// </returns>
/// <remarks>
/// NOTE(review): callers cannot tell a filter refusal from a missing entry, and
/// GetConfigurationEntryForRequest falls back to the dynamic callback on any <c>null</c>.
/// Confirm a static refusal is meant to be overridable that way.
/// </remarks>
private CorsConfigurationEntry GetEntryFromStaticConfiguration(CorsAccessRequest accessRequest)
{
    // Lookup order, narrowest first: resource+origin, resource (any origin),
    // origin (any resource), then the any/any entry.
    CorsConfigurationEntry found = FindByResourceAndOrigin(accessRequest.Resource, accessRequest.Origin);
    if (found == null)
    {
        found = FindByResourceAnyOrigin(accessRequest.Resource);
    }
    if (found == null)
    {
        found = FindAnyResourceByOrigin(accessRequest.Origin);
    }
    if (found == null)
    {
        found = FindAnyResourceForAnyOrigin();
    }

    bool filterApplies = found != null && StaticConfigurationAccessFilter != null;
    if (!filterApplies)
    {
        return found;
    }

    // The filter works on a clone, presumably to keep the stored entry out of its reach.
    var working = found.Clone();
    var verdict = StaticConfigurationAccessFilter(accessRequest, working);
    if (verdict == null)
    {
        // Passing back null indicates that the origin is not allowed.
        return null;
    }

    return verdict.EntryFromAllowProperties(accessRequest);
}
/// <summary>
/// Picks the configuration entry for a request, preferring static configuration and falling
/// back to the dynamic callback.
/// </summary>
/// <param name="accessRequest">The request being resolved.</param>
/// <returns>The resolved entry, or <c>null</c> when neither source yields one.</returns>
/// <remarks>
/// NOTE(review): the fallback also fires when the static access filter vetoed a matching
/// entry by returning <c>null</c>, so the dynamic callback can grant what the static filter
/// refused. Confirm this is the intended precedence.
/// </remarks>
internal CorsConfigurationEntry GetConfigurationEntryForRequest(CorsAccessRequest accessRequest)
{
    var resolved = GetEntryFromStaticConfiguration(accessRequest);
    if (resolved != null)
    {
        return resolved;
    }

    var allowProperties = GetEntryFromDynamicConfiguration(accessRequest);
    return allowProperties != null
        ? allowProperties.EntryFromAllowProperties(accessRequest)
        : resolved;
}
/// <summary>
/// Decides whether the request's origin is acceptable for the entry.
/// </summary>
/// <param name="accessRequest">The request carrying the origin to test.</param>
/// <param name="configEntry">The entry supplying <c>AllowAnyOrigin</c> and the configured origin.</param>
/// <returns>
/// <c>true</c> when the entry accepts any origin, or when the request origin equals the
/// configured origin as a whole string, ignoring case.
/// </returns>
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAnyOrigin)
    {
        return true;
    }

    // Whole-string comparison only: no prefix, suffix or pattern matching is applied here.
    // NOTE(review): a null request origin would throw on this call; presumably callers only
    // get here for requests that carry an Origin, verify against the IsCors check.
    return accessRequest.Origin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase);
}
/// <summary>
/// Tests the request's origin against the entry.
/// </summary>
/// <param name="accessRequest">The request carrying the origin to test.</param>
/// <param name="configEntry">The entry supplying <c>AllowAnyOrigin</c> and <c>Origin</c>.</param>
/// <returns>
/// <c>true</c> for an any-origin entry; otherwise the result of an exact, case-insensitive
/// comparison between the request origin and the configured origin.
/// </returns>
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    bool accepted = configEntry.AllowAnyOrigin;
    if (!accepted)
    {
        // Exact match on the full origin string; partial matches are never accepted.
        accepted = accessRequest.Origin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase);
    }

    return accepted;
}
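/// <summary>
/// Publishes the allowed methods on the response when the preflight asked for a non-simple method.
/// </summary>
/// <param name="accessRequest">The preflight request.</param>
/// <param name="configEntry">The entry supplying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <param name="response">The response being built; not modified for a simple requested method.</param>
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    if (accessRequest.RequestedMethod.IsSimpleMethod())
    {
        return;
    }

    if (!configEntry.AllowAllMethods)
    {
        // ToUpperInvariant keeps the emitted names locale-independent; the culture-sensitive
        // ToUpper() maps 'i' to U+0130 under tr/az cultures and would advertise "OPTİONS".
        response.AllowedMethods = configEntry.Methods.Select(x => x.ToUpperInvariant()).ToArray();
    }
    else
    {
        response.AllowedMethods = CorsConstants.NotSimpleMethods;
    }
}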
/// <summary>
/// Builds a request-scoped configuration entry from a set of allow-properties.
/// </summary>
/// <param name="other">The allow-properties whose flags, lists and cache duration are copied.</param>
/// <param name="accessRequest">Supplies the <c>Resource</c> and <c>Origin</c> the entry is bound to.</param>
/// <returns>A new entry that is not marked as applying to all resources.</returns>
/// <remarks>
/// The entry's <c>Origin</c> is the request's own origin, so an origin comparison against this
/// entry always matches. The approval was made by the code that returned <paramref name="other"/>.
/// </remarks>
internal static CorsConfigurationEntry EntryFromAllowProperties(this CorsConfigurationAllowProperties other, CorsAccessRequest accessRequest)
{
    var scopedEntry = new CorsConfigurationEntry
    {
        // Scope: exactly this request's resource and origin.
        AllResources = false,
        Resource = accessRequest.Resource,
        Origin = accessRequest.Origin,

        // Flags carried over unchanged.
        AllowAllMethods = other.AllowAllMethods,
        AllowAllRequestedHeaders = other.AllowAllRequestedHeaders,
        AllowAnyOrigin = other.AllowAnyOrigin,
        AllowCookies = other.AllowCookies,

        // Lists are copied into new arrays rather than shared with the source.
        Methods = other.Methods.ToArray(),
        RequestHeaders = other.RequestHeaders.ToArray(),
        ResponseHeaders = other.ResponseHeaders.ToArray(),

        CacheDuration = other.CacheDuration
    };

    return scopedEntry;
}