/// <summary>
/// Evaluates a CORS request against a single configuration entry and
/// builds the response describing what may be granted.
/// </summary>
/// <param name="accessRequest">The incoming CORS request (simple or preflight).</param>
/// <param name="configEntry">The matching configuration entry, or <c>null</c> when none applies.</param>
/// <returns>
/// A new <see cref="CorsAccessResponse"/>. It is returned with nothing set by this
/// method when there is no entry, the origin check fails, the request is neither
/// simple nor preflight, or a preflight fails the method or header checks.
/// </returns>
private CorsAccessResponse CalculateResponse(
    CorsAccessRequest accessRequest,
    CorsConfigurationEntry configEntry)
{
    var result = new CorsAccessResponse();

    // Deny by default: no entry, or an origin the entry does not accept,
    // leaves the response without any grant.
    if (configEntry == null || !CheckOrigin(accessRequest, configEntry))
    {
        return result;
    }

    if (accessRequest.IsCorsSimple)
    {
        AddOrigin(accessRequest, configEntry, result);
        AddCookies(configEntry, result);
        AddExposedHeaders(configEntry, result);
        return result;
    }

    if (!accessRequest.IsCorsPreflight)
    {
        return result;
    }

    // A preflight is granted only when both the requested method and the
    // requested headers pass; the header check is skipped if the method fails.
    bool preflightPermitted = CheckMethods(accessRequest, configEntry)
        && CheckRequestHeaders(accessRequest, configEntry);

    if (preflightPermitted)
    {
        AddOrigin(accessRequest, configEntry, result);
        AddCookies(configEntry, result);
        AddCacheDuration(configEntry, result);
        AddAllowedMethods(accessRequest, configEntry, result);
        AddAllowedRequestHeaders(accessRequest, configEntry, result);
    }

    return result;
}
/// <summary>
/// Produces the CORS decision for one request / configuration-entry pair.
/// </summary>
/// <param name="accessRequest">The CORS request being evaluated.</param>
/// <param name="configEntry">The configuration entry to apply; may be <c>null</c>.</param>
/// <returns>
/// A freshly created <see cref="CorsAccessResponse"/>; it carries grants only when
/// the origin check passes and, for a preflight, the method and header checks pass too.
/// </returns>
private CorsAccessResponse CalculateResponse(
    CorsAccessRequest accessRequest,
    CorsConfigurationEntry configEntry)
{
    var outcome = new CorsAccessResponse();

    // Every early return below hands back the response with no grant added.
    if (configEntry == null)
    {
        return outcome;
    }

    if (!CheckOrigin(accessRequest, configEntry))
    {
        return outcome;
    }

    if (accessRequest.IsCorsSimple)
    {
        AddOrigin(accessRequest, configEntry, outcome);
        AddCookies(configEntry, outcome);
        AddExposedHeaders(configEntry, outcome);
    }
    else if (accessRequest.IsCorsPreflight
        && CheckMethods(accessRequest, configEntry)
        && CheckRequestHeaders(accessRequest, configEntry))
    {
        // Preflight: method and headers were both accepted.
        AddOrigin(accessRequest, configEntry, outcome);
        AddCookies(configEntry, outcome);
        AddCacheDuration(configEntry, outcome);
        AddAllowedMethods(accessRequest, configEntry, outcome);
        AddAllowedRequestHeaders(accessRequest, configEntry, outcome);
    }

    return outcome;
}
/// <summary>
/// Copies the entry's cache duration onto the response, but only when a
/// value is present and greater than zero.
/// </summary>
/// <param name="configEntry">Entry supplying <c>CacheDuration</c>.</param>
/// <param name="response">Response whose <c>ResponseCacheDurationSeconds</c> may be set.</param>
private void AddCacheDuration(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var duration = configEntry.CacheDuration;

    // Missing, zero or negative durations leave the response untouched.
    if (!duration.HasValue || !(duration.Value > 0))
    {
        return;
    }

    response.ResponseCacheDurationSeconds = duration;
}
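/// <summary>
/// Decides whether the method named in the request is permitted by the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedMethod</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <returns>
/// <c>true</c> when the entry allows all methods, or when the requested method
/// equals one of the configured methods after those are upper-cased.
/// </returns>
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllMethods)
    {
        return true;
    }

    // Upper-case with the invariant culture: the culture-sensitive ToUpper()
    // maps 'i' to a dotted capital under Turkish-style cultures, so a configured
    // "options" would stop matching "OPTIONS" depending on the host's locale.
    var configMethods = configEntry.Methods.Select(x => x.ToUpperInvariant());

    // The requested method is compared exactly as received; only the
    // configured side is normalised.
    var requestedMethod = accessRequest.RequestedMethod;
    return configMethods.Contains(requestedMethod);
}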
/// <summary>
/// Sets the response's allowed response headers from the entry's
/// <c>ResponseHeaders</c>, after <c>RemoveSimpleResponseHeaders()</c> has filtered them.
/// </summary>
/// <param name="configEntry">Entry supplying the configured response headers.</param>
/// <param name="response">Response to update; left unchanged when nothing remains after filtering.</param>
private void AddExposedHeaders(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var remaining = configEntry.ResponseHeaders.RemoveSimpleResponseHeaders();

    // Nothing to expose: do not assign an empty list.
    if (!remaining.Any())
    {
        return;
    }

    response.AllowedResponseHeaders = remaining;
}
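/// <summary>
/// Decides whether every header named in the request is permitted by the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedHeaders</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <returns>
/// <c>true</c> when the entry allows all requested headers, or when no requested
/// header (after <c>RemoveSimpleRequestHeaders()</c>) is missing from the
/// configured list; names are compared case-insensitively.
/// </returns>
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllRequestedHeaders)
    {
        return true;
    }

    var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();

    // the requested headers must all be in the allowed list.
    // Except() yields the requested names that are absent from the allowed list,
    // so the check passes only when that set is empty. Comparing the size of a
    // de-duplicated Intersect() with the raw requested count turned away a
    // preflight that repeated an allowed name (including in a different case).
    var notAllowed = requestedHeaders.Except(allowedHeaders, StringComparer.OrdinalIgnoreCase);
    return !notAllowed.Any();
}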
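/// <summary>
/// Tests the requested method against the methods configured on the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedMethod</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <returns>
/// <c>true</c> if all methods are allowed or the requested method equals one
/// of the configured methods once those are upper-cased; otherwise <c>false</c>.
/// </returns>
private static bool CheckMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllMethods)
    {
        return true;
    }

    // ToUpperInvariant keeps the result independent of the thread culture;
    // ToUpper() under a Turkish-style culture changes 'i' to a dotted capital,
    // which would make a configured "options" or "delete"-style entry behave
    // differently from one host to the next.
    var configMethods = configEntry.Methods.Select(x => x.ToUpperInvariant());

    // Only the configured side is normalised; the request value is used as is.
    return configMethods.Contains(accessRequest.RequestedMethod);
}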
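/// <summary>
/// Validates a configuration entry and registers it in <c>settings</c>.
/// </summary>
/// <param name="entry">The entry to register. Its <c>CacheDuration</c> is filled
/// from <c>DefaultCacheDuration</c> when it is <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="entry"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException">
/// The entry is inconsistent: a resource given together with <c>AllResources</c>,
/// an origin given together with <c>AllowAnyOrigin</c>, or a missing resource or origin.
/// </exception>
/// <exception cref="InvalidOperationException">
/// An entry for the same resource / origin combination is already registered.
/// </exception>
public void Add(CorsConfigurationEntry entry)
{
    // Reject a null entry with an argument exception instead of letting the
    // first property access fail with a NullReferenceException.
    if (entry == null)
    {
        throw new ArgumentNullException("entry");
    }

    // entry validation
    if (entry.AllResources && entry.Resource != null)
    {
        throw new ArgumentException("Resource not allowed if configured as AllResources.");
    }
    if (!entry.AllResources && String.IsNullOrEmpty(entry.Resource))
    {
        throw new ArgumentException("Resource required.");
    }
    if (entry.AllowAnyOrigin && entry.Origin != null)
    {
        throw new ArgumentException("Origin not allowed if configured as AllowAnyOrigin.");
    }
    if (!entry.AllowAnyOrigin && String.IsNullOrEmpty(entry.Origin))
    {
        throw new ArgumentException("Origin required.");
    }

    // NOTE(review): nothing here looks at AllowCookies, so an entry combining
    // AllowAnyOrigin with cookies is accepted. That is the widest grant this
    // configuration can express; confirm it is only registered deliberately.

    // entry relative to other registered settings validation
    // (the four cases below are mutually exclusive, so at most one lookup runs)
    if (entry.AllResources && entry.AllowAnyOrigin && FindAnyResourceForAnyOrigin() != null)
    {
        throw new InvalidOperationException("Entry already registered for AllResources and AllowAnyOrigin.");
    }
    if (entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAnyOrigin(entry.Resource) != null)
    {
        throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for AllowAnyOrigin.");
    }
    if (!entry.AllowAnyOrigin && entry.AllResources && FindAnyResourceByOrigin(entry.Origin) != null)
    {
        throw new InvalidOperationException("Origin '" + entry.Origin + "' already registered for AllResources.");
    }
    if (!entry.AllowAnyOrigin && !entry.AllResources && FindByResourceAndOrigin(entry.Resource, entry.Origin) != null)
    {
        throw new InvalidOperationException("Resource '" + entry.Resource + "' already registered for Origin '" + entry.Origin + "'.");
    }

    if (entry.CacheDuration == null)
    {
        entry.CacheDuration = this.DefaultCacheDuration;
    }

    settings.Add(entry);
}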
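/// <summary>
/// Sets the allowed methods on the response when the requested method is not
/// a simple one (as judged by <c>IsSimpleMethod()</c>).
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedMethod</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <param name="response">Response whose <c>AllowedMethods</c> may be set.</param>
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    // Simple methods need no explicit grant; leave the response untouched.
    if (accessRequest.RequestedMethod.IsSimpleMethod())
    {
        return;
    }

    if (configEntry.AllowAllMethods)
    {
        response.AllowedMethods = CorsConstants.NotSimpleMethods;
    }
    else
    {
        // Invariant upper-casing: the culture-sensitive ToUpper() changes 'i'
        // under Turkish-style cultures, so the advertised method names would
        // depend on the host's locale.
        response.AllowedMethods = configEntry.Methods.Select(x => x.ToUpperInvariant()).ToArray();
    }
}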
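/// <summary>
/// Tests the headers named in the request against those configured on the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedHeaders</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <returns>
/// <c>true</c> if all requested headers are allowed by the entry; both lists are
/// passed through <c>RemoveSimpleRequestHeaders()</c> first and names are matched
/// without regard to case.
/// </returns>
private bool CheckRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAllRequestedHeaders)
    {
        return true;
    }

    var requestedHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    var allowedHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders();

    // the requested headers must all be in the allowed list.
    // Intersect() de-duplicates, so counting its result against the raw
    // requested list refused a request that named an allowed header twice.
    // Asking for "requested but not allowed" states the rule directly and
    // enumerates the requested list once.
    return !requestedHeaders
        .Except(allowedHeaders, StringComparer.OrdinalIgnoreCase)
        .Any();
}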
/// <summary>
/// Sets <c>OriginAllowed</c> on the response: the wildcard constant when the
/// entry allows any origin without cookies, otherwise the request's own origin.
/// </summary>
/// <param name="accessRequest">Request carrying <c>Origin</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAnyOrigin</c> and <c>AllowCookies</c>.</param>
/// <param name="response">Response whose <c>OriginAllowed</c> is set.</param>
private static void AddOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    // Any-origin entries answer with the wildcard unless cookies are enabled.
    // With AllowAnyOrigin and AllowCookies == true the caller's Origin is echoed
    // back, which grants cookie-bearing access to whichever origin asks; that
    // pairing should be a deliberate choice in configuration.
    bool echoRequestOrigin = !configEntry.AllowAnyOrigin || configEntry.AllowCookies == true;

    if (!echoRequestOrigin)
    {
        response.OriginAllowed = CorsConstants.ResponseHeader_AllowOrign_Wildcard;
        return;
    }

    // NOTE(review): the echoed value differs per request; confirm the code that
    // writes the header also emits "Vary: Origin" so caches keep responses apart.
    response.OriginAllowed = accessRequest.Origin;
}
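/// <summary>
/// Decides whether the request's origin is accepted by the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>Origin</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAnyOrigin</c> and <c>Origin</c>.</param>
/// <returns>
/// <c>true</c> when the entry allows any origin, or when the request origin equals
/// the configured origin (whole string, ignoring case); <c>false</c> otherwise,
/// including when the request has no origin value.
/// </returns>
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    if (configEntry.AllowAnyOrigin)
    {
        return true;
    }

    // A request without an origin value cannot match a specific origin: deny it
    // rather than fail with a NullReferenceException. The instance Equals is kept
    // on purpose, because the static string.Equals would treat two nulls as a match.
    var requestOrigin = accessRequest.Origin;
    return requestOrigin != null
        && requestOrigin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase);
}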
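/// <summary>
/// Tests the request's origin against the entry.
/// </summary>
/// <param name="accessRequest">Request carrying <c>Origin</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAnyOrigin</c> and <c>Origin</c>.</param>
/// <returns>
/// <c>true</c> if the entry allows any origin or the two origins are equal as
/// whole strings, ignoring case; <c>false</c> if they differ or the request
/// origin is <c>null</c>.
/// </returns>
private static bool CheckOrigin(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry)
{
    // The match is an exact comparison: no prefix, suffix or pattern matching.
    // A null request origin is answered with "no match" instead of a
    // NullReferenceException, so the caller falls through to its deny path.
    return configEntry.AllowAnyOrigin
        || (accessRequest.Origin != null
            && accessRequest.Origin.Equals(configEntry.Origin, StringComparison.OrdinalIgnoreCase));
}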
/// <summary>
/// Copies the entry's <c>AllowCookies</c> setting to the response's
/// <c>AreCookiesAllowed</c>, whatever its value.
/// </summary>
/// <param name="configEntry">Entry supplying the cookie setting.</param>
/// <param name="response">Response receiving the cookie setting.</param>
private static void AddCookies(CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var cookieSetting = configEntry.AllowCookies;
    response.AreCookiesAllowed = cookieSetting;
}
/// <summary>
/// Sets the allowed request headers on the response for a preflight.
/// </summary>
/// <remarks>
/// When the request names any header left over by <c>RemoveSimpleRequestHeaders()</c>,
/// the response gets either those requested names (entry allows all requested
/// headers) or the entry's own filtered list. Any requested header that appears in
/// <c>CorsConstants.SimpleRequestHeaders</c> is then merged in as well.
/// </remarks>
/// <param name="accessRequest">Request carrying <c>RequestedHeaders</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <param name="response">Response whose <c>AllowedRequestHeaders</c> may be set.</param>
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var nonSimpleRequested = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    if (nonSimpleRequested.Any())
    {
        if (!configEntry.AllowAllRequestedHeaders)
        {
            response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
        }
        else
        {
            // Allow-all entries answer with exactly the names the client asked for.
            response.AllowedRequestHeaders = nonSimpleRequested;
        }
    }

    var simpleRequested = accessRequest.RequestedHeaders.Intersect(
        CorsConstants.SimpleRequestHeaders,
        StringComparer.OrdinalIgnoreCase);

    if (!simpleRequested.Any())
    {
        return;
    }

    // chrome asks for things like "Origin" and "Accept", so placate them
    var alreadyAllowed = response.AllowedRequestHeaders ?? Enumerable.Empty<string>();
    response.AllowedRequestHeaders = simpleRequested.Union(alreadyAllowed).Distinct();
}
/// <summary>
/// Builds <c>entries</c> once, after both the resource list and the origin list
/// are frozen, by expanding them into one configuration entry per combination.
/// </summary>
/// <remarks>
/// A <c>null</c> resource list stands for all resources and a <c>null</c> origin
/// list for all origins; with both <c>null</c> a single entry with
/// <c>AllResources</c> and <c>AllowAnyOrigin</c> set is produced.
/// </remarks>
private void CheckInit()
{
    // Run only once, and only when both lists can no longer change.
    bool readyToBuild = entries == null && ResourcesFrozen && originsFrozen;
    if (!readyToBuild)
    {
        return;
    }

    entries = new List<CorsConfigurationEntry>();

    bool everyResource = Resources == null;
    bool everyOrigin = origins == null;

    if (everyResource && everyOrigin)
    {
        // all Resources, all origins: the widest possible entry
        entries.Add(new CorsConfigurationEntry { AllResources = true, AllowAnyOrigin = true });
    }
    else if (everyResource)
    {
        // all Resources, specific origins
        entries.AddRange(
            origins.Select(o => new CorsConfigurationEntry { AllResources = true, Origin = o }));
    }
    else if (everyOrigin)
    {
        // specific Resources, all origins
        entries.AddRange(
            Resources.Select(c => new CorsConfigurationEntry { Resource = c, AllowAnyOrigin = true }));
    }
    else
    {
        // specific Resources, specific origins: one entry per pair
        entries.AddRange(
            Resources.SelectMany(
                c => origins,
                (c, o) => new CorsConfigurationEntry { Resource = c, Origin = o }));
    }
}
/// <summary>
/// Fills in the response's allowed request headers for a preflight request.
/// </summary>
/// <remarks>
/// Two steps: first the headers left after <c>RemoveSimpleRequestHeaders()</c>
/// decide whether the response gets the requested names (allow-all entry) or the
/// entry's configured list; then requested headers found in
/// <c>CorsConstants.SimpleRequestHeaders</c> are merged into whatever is set.
/// </remarks>
/// <param name="accessRequest">Request carrying <c>RequestedHeaders</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllRequestedHeaders</c> and <c>RequestHeaders</c>.</param>
/// <param name="response">Response whose <c>AllowedRequestHeaders</c> may be set.</param>
private static void AddAllowedRequestHeaders(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    var customHeaders = accessRequest.RequestedHeaders.RemoveSimpleRequestHeaders();
    bool anyCustomHeader = customHeaders.Any();

    if (anyCustomHeader && configEntry.AllowAllRequestedHeaders)
    {
        // Allow-all: answer with the names the client requested.
        response.AllowedRequestHeaders = customHeaders;
    }
    else if (anyCustomHeader)
    {
        response.AllowedRequestHeaders = configEntry.RequestHeaders.RemoveSimpleRequestHeaders().ToArray();
    }

    var requestedSimpleHeaders = accessRequest.RequestedHeaders.Intersect(
        CorsConstants.SimpleRequestHeaders,
        StringComparer.OrdinalIgnoreCase);

    if (requestedSimpleHeaders.Any())
    {
        // chrome asks for things like "Origin" and "Accept", so placate them
        var current = response.AllowedRequestHeaders ?? Enumerable.Empty<string>();
        var merged = requestedSimpleHeaders.Union(current);
        response.AllowedRequestHeaders = merged.Distinct();
    }
}
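/// <summary>
/// Advertises the allowed methods on the response when the requested method is
/// not reported as simple by <c>IsSimpleMethod()</c>.
/// </summary>
/// <param name="accessRequest">Request carrying <c>RequestedMethod</c>.</param>
/// <param name="configEntry">Entry carrying <c>AllowAllMethods</c> and <c>Methods</c>.</param>
/// <param name="response">Response whose <c>AllowedMethods</c> may be set.</param>
private static void AddAllowedMethods(CorsAccessRequest accessRequest, CorsConfigurationEntry configEntry, CorsAccessResponse response)
{
    if (!accessRequest.RequestedMethod.IsSimpleMethod())
    {
        if (configEntry.AllowAllMethods)
        {
            response.AllowedMethods = CorsConstants.NotSimpleMethods;
        }
        else
        {
            // ToUpperInvariant instead of ToUpper(): the result must not depend on
            // the thread culture (Turkish-style cultures upper-case 'i' differently),
            // or the advertised names change with the host's locale.
            response.AllowedMethods = configEntry.Methods
                .Select(x => x.ToUpperInvariant())
                .ToArray();
        }
    }
}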
/// <summary>
/// Lazily creates <c>entries</c> from the frozen resource and origin lists.
/// </summary>
/// <remarks>
/// Does nothing while <c>entries</c> already exists or either list is not yet
/// frozen. A <c>null</c> list means "all": with both lists <c>null</c> the result
/// is one entry with <c>AllResources</c> and <c>AllowAnyOrigin</c> set; otherwise
/// one entry is created per resource, per origin, or per resource/origin pair.
/// </remarks>
private void CheckInit()
{
    if (entries != null || !ResourcesFrozen || !originsFrozen)
    {
        return;
    }

    entries = new List<CorsConfigurationEntry>();

    if (Resources != null)
    {
        // specific Resources
        if (origins != null)
        {
            // specific origins: cross product, resources in the outer position
            var perPair = Resources.SelectMany(
                c => origins,
                (c, o) => new CorsConfigurationEntry { Resource = c, Origin = o });
            entries.AddRange(perPair);
        }
        else
        {
            // all origins
            var perResource = Resources.Select(
                c => new CorsConfigurationEntry { Resource = c, AllowAnyOrigin = true });
            entries.AddRange(perResource);
        }

        return;
    }

    // all Resources
    if (origins != null)
    {
        // specific origins
        var perOrigin = origins.Select(
            o => new CorsConfigurationEntry { AllResources = true, Origin = o });
        entries.AddRange(perOrigin);
    }
    else
    {
        // all origins: nothing was restricted, so the single entry is the widest one
        var unrestricted = new CorsConfigurationEntry { AllResources = true, AllowAnyOrigin = true };
        entries.Add(unrestricted);
    }
}