huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Include VaryByOrigin when there are multiple Origins configured (#84) 

Fixes #97 

* Added negative test and updated origin to valid origin url

* Fixed tabs and spaces
This commit is contained in:
Michiel Post 2016-12-22 00:49:50 +01:00 committed by Jass Bagga
parent 2a69f3688a
commit 2dbfb8839b
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
View File

@ -271,6 +271,11 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
else if (policy.IsOriginAllowed(origin)) else if (policy.IsOriginAllowed(origin))
{ {
result.AllowedOrigin = origin; result.AllowedOrigin = origin;
if(policy.Origins.Count > 1)
{
result.VaryByOrigin = true;
}
} }
} }

35
test/Microsoft.AspNetCore.Cors.Test/CorsServiceTests.cs
View File

@ -1080,6 +1080,41 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
Assert.Equal("30", httpContext.Response.Headers["Access-Control-Max-Age"]); Assert.Equal("30", httpContext.Response.Headers["Access-Control-Max-Age"]);
} }
[Fact]
public void EvaluatePolicy_MultiOriginsPolicy_ReturnsVaryByOriginHeader()
{
// Arrange
var corsService = new CorsService(new TestCorsOptions());
var requestContext = GetHttpContext(origin: "http://example.com");
var policy = new CorsPolicy();
policy.Origins.Add("http://example.com");
policy.Origins.Add("http://example-two.com");
// Act
var result = corsService.EvaluatePolicy(requestContext, policy);
// Assert
Assert.NotNull(result.AllowedOrigin);
Assert.True(result.VaryByOrigin);
}
[Fact]
public void EvaluatePolicy_MultiOriginsPolicy_NoMatchingOrigin_ReturnsInvalidResult()
{
// Arrange
var corsService = new CorsService(new TestCorsOptions());
var requestContext = GetHttpContext(origin: "http://example.com");
var policy = new CorsPolicy();
policy.Origins.Add("http://example-two.com");
policy.Origins.Add("http://example-three.com");
// Act
var result = corsService.EvaluatePolicy(requestContext, policy);
// Assert
Assert.Null(result.AllowedOrigin);
Assert.False(result.VaryByOrigin);
}
private static HttpContext GetHttpContext( private static HttpContext GetHttpContext(