PreflightRequest check requset headers ignore case and ignore simple request headers

Signed-off-by: Norgerman <xyn0410@gmail.com>
This commit is contained in:
Norgerman 2015-08-25 13:53:34 +08:00 committed by Kiran Challa
parent 2c14ac34ca
commit 38728a6bcd
2 changed files with 5 additions and 4 deletions

View File

@ -97,7 +97,8 @@ namespace Microsoft.AspNet.Cors.Core
if (!policy.AllowAnyHeader && if (!policy.AllowAnyHeader &&
requestHeaders != null && requestHeaders != null &&
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal))) !requestHeaders.All(header => CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase) ||
policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
{ {
return; return;
} }

View File

@ -397,7 +397,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
method: "OPTIONS", method: "OPTIONS",
origin: "http://example.com", origin: "http://example.com",
accessControlRequestMethod: "PUT", accessControlRequestMethod: "PUT",
accessControlRequestHeaders: new[] { "Content-Type" }); accessControlRequestHeaders: new[] { "content-type", "accept" });
var policy = new CorsPolicy(); var policy = new CorsPolicy();
policy.Origins.Add(CorsConstants.AnyOrigin); policy.Origins.Add(CorsConstants.AnyOrigin);
policy.Methods.Add("*"); policy.Methods.Add("*");
@ -409,8 +409,8 @@ namespace Microsoft.AspNet.Cors.Core.Test
var result = corsService.EvaluatePolicy(requestContext, policy); var result = corsService.EvaluatePolicy(requestContext, policy);
// Assert // Assert
Assert.Equal(1, result.AllowedHeaders.Count); Assert.Equal(2, result.AllowedHeaders.Count);
Assert.Contains("Content-Type", result.AllowedHeaders); Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
} }
[Fact] [Fact]