From cd72cb76b38a0157345d7743905e5a486849a40d Mon Sep 17 00:00:00 2001 From: "ASP.NET CI" Date: Sun, 29 Jul 2018 12:08:28 -0700 Subject: [PATCH 1/3] Update dependencies.props [auto-updated: dependencies] --- build/dependencies.props | 27 ++++++++++++++------------- korebuild-lock.txt | 4 ++-- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/build/dependencies.props b/build/dependencies.props index 5a7a0ecdea..04dc8d2c9d 100644 --- a/build/dependencies.props +++ b/build/dependencies.props @@ -3,26 +3,27 @@ $(MSBuildAllProjects);$(MSBuildThisFileFullPath) - 2.2.0-preview1-17099 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 - 2.2.0-preview1-34755 + 2.2.0-preview1-17102 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 + 2.2.0-preview1-34823 2.0.9 2.1.2 2.2.0-preview1-26618-02 15.6.1 4.7.49 2.0.3 - 0.9.0 + 0.10.0 2.3.1 - 2.4.0-rc.1.build4038 + 2.4.0 + diff --git a/korebuild-lock.txt b/korebuild-lock.txt index 27e2e80f9a..6b8da29e6b 100644 --- a/korebuild-lock.txt +++ b/korebuild-lock.txt @@ -1,2 +1,2 @@ -version:2.2.0-preview1-17099 -commithash:263ed1db9866b6b419b1f5d5189a712aa218acb3 +version:2.2.0-preview1-17102 +commithash:e7e2b5a97ca92cfc6acc4def534cb0901a6d1eb9 From 2db11051d86cd2b209989e039dc32d4b7976e54c Mon Sep 17 00:00:00 2001 From: Flying Wraptor Date: Mon, 23 Jul 2018 21:28:03 +0200 Subject: [PATCH 2/3] Removed Simple request filtering --- .../Infrastructure/CorsService.cs | 48 ++---- .../CorsServiceTests.cs | 143 ++++-------------- 2 files changed, 37 insertions(+), 154 deletions(-) 
diff --git a/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs b/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
index 5060ddf205..5be99f4f71 100644
--- a/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
+++ b/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
@@ -151,8 +151,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 {
 foreach (var requestHeader in requestHeaders)
 {
- if (!CorsConstants.SimpleRequestHeaders.Contains(requestHeader, StringComparer.OrdinalIgnoreCase) &&
- !policy.Headers.Contains(requestHeader, StringComparer.OrdinalIgnoreCase))
+ if (!policy.Headers.Contains(requestHeader, StringComparer.OrdinalIgnoreCase))
 {
 _logger?.PolicyFailure();
 _logger?.RequestHeaderNotAllowed(requestHeader);
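Review bot: The `if` inside the `foreach` now rejects the preflight for any requested header missing from `policy.Headers`, so `Origin`, `Accept`, `Accept-Language` and `Content-Language` lose the implicit pass they had through `CorsConstants.SimpleRequestHeaders`. For a policy that lists its headers explicitly this is a stricter, behaviour-changing check, and the series deletes `EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_ReturnsSubsetOfListedHeaders` without adding a test that pins the new rejection. I would add a comment above the condition, `// No implicit pass for CORS-safelisted headers: every requested header must be listed in policy.Headers.`, and a test that requests `accept` against a policy that omits it and expects a failed result. The enclosing method starts and ends outside this hunk, so any allow-any-header guard around the loop is not visible here.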
@@ -201,50 +200,23 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 if (result.AllowedMethods.Count > 0)
 {
- // Filter out simple methods
- var nonSimpleAllowMethods = result.AllowedMethods
- .Where(m =>
- !CorsConstants.SimpleMethods.Contains(m, StringComparer.OrdinalIgnoreCase))
- .ToArray();
-
- if (nonSimpleAllowMethods.Length > 0)
- {
- headers.SetCommaSeparatedValues(
- CorsConstants.AccessControlAllowMethods,
- nonSimpleAllowMethods);
- }
+ headers.SetCommaSeparatedValues(
+ CorsConstants.AccessControlAllowMethods,
+ result.AllowedMethods.ToArray());
 }
 if (result.AllowedHeaders.Count > 0)
 {
- // Filter out simple request headers
- var nonSimpleAllowRequestHeaders = result.AllowedHeaders
- .Where(header =>
- !CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase))
- .ToArray();
-
- if (nonSimpleAllowRequestHeaders.Length > 0)
- {
- headers.SetCommaSeparatedValues(
- CorsConstants.AccessControlAllowHeaders,
- nonSimpleAllowRequestHeaders);
- }
+ headers.SetCommaSeparatedValues(
+ CorsConstants.AccessControlAllowHeaders,
+ result.AllowedHeaders.ToArray());
 }
 if (result.AllowedExposedHeaders.Count > 0)
 {
- // Filter out simple response headers
- var nonSimpleAllowResponseHeaders = result.AllowedExposedHeaders
- .Where(header =>
- !CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase))
- .ToArray();
-
- if (nonSimpleAllowResponseHeaders.Length > 0)
- {
- headers.SetCommaSeparatedValues(
- CorsConstants.AccessControlExposeHeaders,
- nonSimpleAllowResponseHeaders);
- }
+ headers.SetCommaSeparatedValues(
+ CorsConstants.AccessControlExposeHeaders,
+ result.AllowedExposedHeaders.ToArray());
 }
 if (result.PreflightMaxAge.HasValue)
diff --git a/test/Microsoft.AspNetCore.Cors.Test/CorsServiceTests.cs b/test/Microsoft.AspNetCore.Cors.Test/CorsServiceTests.cs
index 8a71ce7b42..7f7fb2220f 100644
--- a/test/Microsoft.AspNetCore.Cors.Test/CorsServiceTests.cs
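Review bot: The `AllowedExposedHeaders` branch changes behaviour here as well, but the test added in this series (`ApplyResult_SimpleRequests_IgnoresFiltering`) only covers `AllowedMethods` and `AllowedHeaders`; no test in the series pins that a formerly filtered value such as `Cache-Control` or `Content-Type` now appears in `Access-Control-Expose-Headers`. The three blocks also lose their `// Filter out simple …` comments without a replacement, so a reader cannot tell that the unfiltered output is deliberate. One line before the first block would do, e.g. `// Emit the lists as evaluated; CORS-safelisted methods and headers are intentionally not stripped.` The enclosing method starts and ends outside the hunk.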
+++ b/test/Microsoft.AspNetCore.Cors.Test/CorsServiceTests.cs
@@ -598,32 +598,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 Assert.Contains("foo", result.AllowedHeaders);
 Assert.Contains("bar", result.AllowedHeaders);
 }
-
- [Fact]
- public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_ReturnsSubsetOfListedHeaders()
- {
- // Arrange
- var corsService = new CorsService(new TestCorsOptions());
- var requestContext = GetHttpContext(
- method: "OPTIONS",
- origin: "http://example.com",
- accessControlRequestMethod: "PUT",
- accessControlRequestHeaders: new[] { "content-type", "accept" });
- var policy = new CorsPolicy();
- policy.Origins.Add(CorsConstants.AnyOrigin);
- policy.Methods.Add("*");
- policy.Headers.Add("foo");
- policy.Headers.Add("bar");
- policy.Headers.Add("Content-Type");
-
- // Act
- var result = corsService.EvaluatePolicy(requestContext, policy);
-
- // Assert
- Assert.Equal(2, result.AllowedHeaders.Count);
- Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
- }
-
+
 [Fact]
 public void EvaluatePolicy_PreflightRequest_HeadersRequested_NotAllHeaderMatches_ReturnsInvalidResult()
 {
@@ -690,6 +665,31 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 Assert.Null(result.AllowedOrigin);
 }
+ [Fact]
+ public void ApplyResult_SimpleRequests_IgnoresFiltering()
+ {
+ // Arrange
+ var result = new CorsResult();
+ result.AllowedHeaders.Add("Content-Type");
+ result.AllowedHeaders.Add("Date");
+ result.AllowedMethods.Add("GET");
+ result.AllowedMethods.Add("PUT");
+
+ var httpContext = new DefaultHttpContext();
+ var service = new CorsService(new TestCorsOptions());
+
+
+ // Act
+ service.ApplyResult(result, httpContext.Response);
+
+ // Assert
+ string[] arMethods = httpContext.Response.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlAllowMethods);
+ Assert.Contains("GET", arMethods);
+ Assert.Contains("PUT", arMethods);
+ string[] arHeaders = httpContext.Response.Headers.GetCommaSeparatedValues(CorsConstants.AccessControlAllowHeaders);
+ Assert.Contains("Content-Type", arHeaders);
+ Assert.Contains("Date", arHeaders);
+ }
 [Fact]
 public void ApplyResult_ReturnsNoHeaders_ByDefault()
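Review bot: The header half of `ApplyResult_SimpleRequests_IgnoresFiltering` does not exercise the removed filter: `Content-Type` and `Date` were never in `CorsConstants.SimpleRequestHeaders` (`Origin`, `Accept`, `Accept-Language`, `Content-Language`, per the list deleted in patch 3/3), so those two assertions would have passed before this change too. Adding one of the formerly filtered names, e.g. `result.AllowedHeaders.Add("Accept");` with `Assert.Contains("Accept", arHeaders);`, makes the test fail on the old code. The `Assert.Contains` checks also let extra values through, so an exact comparison such as `Assert.Equal(new[] { "GET", "PUT" }, arMethods);` would be tighter, assuming the order is preserved. The `ar` prefix on the locals differs from the `methods`/`headerValues` names used by neighbouring tests.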
@@ -836,52 +836,6 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 // Assert
 Assert.Equal("PUT", httpContext.Response.Headers["Access-Control-Allow-Methods"]);
 }
-
- [Fact]
- public void ApplyResult_SomeSimpleAllowMethods_AllowMethodsHeaderAddedForNonSimpleMethods()
- {
- // Arrange
- var result = new CorsResult();
- result.AllowedMethods.Add("PUT");
- result.AllowedMethods.Add("get");
- result.AllowedMethods.Add("DELETE");
- result.AllowedMethods.Add("POST");
-
- var httpContext = new DefaultHttpContext();
- var service = new CorsService(new TestCorsOptions());
-
- // Act
- service.ApplyResult(result, httpContext.Response);
-
- // Assert
- Assert.Contains("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
- var value = Assert.Single(httpContext.Response.Headers.Values);
- Assert.Equal(new[] { "PUT,DELETE" }, value);
- string[] methods = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Allow-Methods");
- Assert.Equal(2, methods.Length);
- Assert.Contains("PUT", methods);
- Assert.Contains("DELETE", methods);
- }
-
- [Fact]
- public void ApplyResult_SimpleAllowMethods_AllowMethodsHeaderNotAdded()
- {
- // Arrange
- var result = new CorsResult();
- result.AllowedMethods.Add("GET");
- result.AllowedMethods.Add("HEAD");
- result.AllowedMethods.Add("POST");
-
- var httpContext = new DefaultHttpContext();
- var service = new CorsService(new TestCorsOptions());
-
- // Act
- service.ApplyResult(result, httpContext.Response);
-
- // Assert
- Assert.DoesNotContain("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
- }
-
 [Fact]
 public void ApplyResult_NoAllowHeaders_AllowHeadersHeaderNotAdded()
 {
@@ -943,50 +897,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 Assert.Contains("bar", headerValues);
 Assert.Contains("baz", headerValues);
 }
-
- [Fact]
- public void ApplyResult_SomeSimpleAllowHeaders_AllowHeadersHeaderAddedForNonSimpleHeaders()
- {
- // Arrange
- var result = new CorsResult();
- result.AllowedHeaders.Add("Content-Language");
- result.AllowedHeaders.Add("foo");
- result.AllowedHeaders.Add("bar");
- result.AllowedHeaders.Add("Accept");
-
- var httpContext = new DefaultHttpContext();
- var service = new CorsService(new TestCorsOptions());
-
- // Act
- service.ApplyResult(result, httpContext.Response);
-
- // Assert
- Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
- string[] headerValues = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Allow-Headers");
- Assert.Equal(2, headerValues.Length);
- Assert.Contains("foo", headerValues);
- Assert.Contains("bar", headerValues);
- }
-
- [Fact]
- public void ApplyResult_SimpleAllowHeaders_AllowHeadersHeaderNotAdded()
- {
- // Arrange
- var result = new CorsResult();
- result.AllowedHeaders.Add("Accept");
- result.AllowedHeaders.Add("Accept-Language");
- result.AllowedHeaders.Add("Content-Language");
-
- var httpContext = new DefaultHttpContext();
- var service = new CorsService(new TestCorsOptions());
-
- // Act
- service.ApplyResult(result, httpContext.Response);
-
- // Assert
- Assert.DoesNotContain("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
- }
-
+
 [Fact]
 public void ApplyResult_NoAllowExposedHeaders_ExposedHeadersHeaderNotAdded()
 {
From a080301b89fb65f82cde7184468c6100c113847d Mon Sep 17 00:00:00 2001
From: Wraptor
Date: Mon, 23 Jul 2018 21:33:25 +0200
Subject: [PATCH 3/3] Removed CorsConstats.Simple* variables
---
 .../Infrastructure/CorsConstants.cs | 28 +------------------
 1 file changed, 1 insertion(+), 27 deletions(-)
diff --git a/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsConstants.cs b/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsConstants.cs
index 22110b2e41..fbc39a8228 100644
--- a/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsConstants.cs
+++ b/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsConstants.cs
@@ -65,31 +65,5 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
 /// The Access-Control-Max-Age response header.
 ///
 public static readonly string AccessControlMaxAge = HeaderNames.AccessControlMaxAge;
-
-
- internal static readonly string[] SimpleRequestHeaders =
- {
- HeaderNames.Origin,
- HeaderNames.Accept,
- HeaderNames.AcceptLanguage,
- HeaderNames.ContentLanguage,
- };
-
- internal static readonly string[] SimpleResponseHeaders =
- {
- HeaderNames.CacheControl,
- HeaderNames.ContentLanguage,
- HeaderNames.ContentType,
- HeaderNames.Expires,
- HeaderNames.LastModified,
- HeaderNames.Pragma
- };
-
- internal static readonly string[] SimpleMethods =
- {
- HttpMethods.Get,
- HttpMethods.Head,
- HttpMethods.Post
- };
 }
-}
\ No newline at end of file
+}