PreflightRequest check requset headers ignore case and ignore simple request headers
Signed-off-by: Norgerman <xyn0410@gmail.com>
This commit is contained in:
parent
2c14ac34ca
commit
38728a6bcd
|
|
@ -97,7 +97,8 @@ namespace Microsoft.AspNet.Cors.Core
|
||||||
|
|
||||||
if (!policy.AllowAnyHeader &&
|
if (!policy.AllowAnyHeader &&
|
||||||
requestHeaders != null &&
|
requestHeaders != null &&
|
||||||
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
|
!requestHeaders.All(header => CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase) ||
|
||||||
|
policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -397,7 +397,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
method: "OPTIONS",
|
method: "OPTIONS",
|
||||||
origin: "http://example.com",
|
origin: "http://example.com",
|
||||||
accessControlRequestMethod: "PUT",
|
accessControlRequestMethod: "PUT",
|
||||||
accessControlRequestHeaders: new[] { "Content-Type" });
|
accessControlRequestHeaders: new[] { "content-type", "accept" });
|
||||||
var policy = new CorsPolicy();
|
var policy = new CorsPolicy();
|
||||||
policy.Origins.Add(CorsConstants.AnyOrigin);
|
policy.Origins.Add(CorsConstants.AnyOrigin);
|
||||||
policy.Methods.Add("*");
|
policy.Methods.Add("*");
|
||||||
|
|
@ -409,8 +409,8 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(1, result.AllowedHeaders.Count);
|
Assert.Equal(2, result.AllowedHeaders.Count);
|
||||||
Assert.Contains("Content-Type", result.AllowedHeaders);
|
Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue