huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

PreflightRequest check requset headers ignore case and ignore simple request headers 

Signed-off-by: Norgerman <xyn0410@gmail.com>
This commit is contained in:
Norgerman 2015-08-25 13:53:34 +08:00 committed by Kiran Challa
parent 2c14ac34ca
commit 38728a6bcd
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Microsoft.AspNet.Cors.Core/CorsService.cs
View File

@ -97,7 +97,8 @@ namespace Microsoft.AspNet.Cors.Core
if (!policy.AllowAnyHeader &&
requestHeaders != null &&
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
!requestHeaders.All(header => CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase) ||
policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
{
return;
}

6
test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
View File

@ -397,7 +397,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
method: "OPTIONS",
origin: "http://example.com",
accessControlRequestMethod: "PUT",
accessControlRequestHeaders: new[] { "Content-Type" });
accessControlRequestHeaders: new[] { "content-type", "accept" });
var policy = new CorsPolicy();
policy.Origins.Add(CorsConstants.AnyOrigin);
policy.Methods.Add("*");
@ -409,8 +409,8 @@ namespace Microsoft.AspNet.Cors.Core.Test
var result = corsService.EvaluatePolicy(requestContext, policy);
// Assert
Assert.Equal(1, result.AllowedHeaders.Count);
Assert.Contains("Content-Type", result.AllowedHeaders);
Assert.Equal(2, result.AllowedHeaders.Count);
Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
}
[Fact]