From 7e139c9b5f0dc4a2f6da5f413092f10365a4d644 Mon Sep 17 00:00:00 2001 From: Sedat Kapanoglu Date: Tue, 3 Mar 2020 15:45:50 -0800 Subject: [PATCH] Add HeaderNames.XRequestedWith = "X-Requested-With" (#19470) * Add HeaderNames.XRequestedWith = "X-Requested-With" X-Requested-With is the standard for differentiating AJAX requests and is commonly used. Having this in HeaderNames would prevent typos related to typing this header name. I couldn't find any rationale about excluding this but there might be legitimate reasons like discouraging the use of HTTP headers or differentiating AJAX requests, etc. Please reject this if that's the case. * Replace "X-Requested-With" references with HeaderNames.XRequestedWith The only remaining instance is WebSocketsTransport.cs in SignalR\clients\csharp\Http.Connections.Client which doesn't have Microsoft.Net in its references. I didn't want to impose a new dependency as its risky. * Fix the order of using statements * Add XRequestedWith to the ref assembly --- .../Headers/ref/Microsoft.Net.Http.Headers.netcoreapp.cs | 1 + src/Http/Headers/src/HeaderNames.cs | 1 + src/Identity/test/InMemory.Test/FunctionalTest.cs | 3 ++- .../Cookies/src/CookieAuthenticationEvents.cs | 8 ++++---- .../test/UnitTests/HttpConnectionTests.Transport.cs | 3 ++- .../server/SignalR/test/WebSocketsTransportTests.cs | 3 ++- 6 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp.cs b/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp.cs index 41d44ad26d..74bfe68f38 100644 --- a/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp.cs +++ b/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp.cs 
@@ -200,6 +200,7 @@ namespace Microsoft.Net.Http.Headers public static readonly string WebSocketSubProtocols; public static readonly string WWWAuthenticate; public static readonly string XFrameOptions; + public static readonly string XRequestedWith; } public static partial class HeaderQuality { diff --git a/src/Http/Headers/src/HeaderNames.cs b/src/Http/Headers/src/HeaderNames.cs index 368cd8be46..5a30679fd8 100644 --- a/src/Http/Headers/src/HeaderNames.cs +++ b/src/Http/Headers/src/HeaderNames.cs @@ -88,5 +88,6 @@ namespace Microsoft.Net.Http.Headers public static readonly string WebSocketSubProtocols = "Sec-WebSocket-Protocol"; public static readonly string WWWAuthenticate = "WWW-Authenticate"; public static readonly string XFrameOptions = "X-Frame-Options"; + public static readonly string XRequestedWith = "X-Requested-With"; } } diff --git a/src/Identity/test/InMemory.Test/FunctionalTest.cs b/src/Identity/test/InMemory.Test/FunctionalTest.cs index b193bc16cd..a2609b4a43 100644 --- a/src/Identity/test/InMemory.Test/FunctionalTest.cs +++ b/src/Identity/test/InMemory.Test/FunctionalTest.cs @@ -18,6 +18,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity.Test; using Microsoft.AspNetCore.TestHost; using Microsoft.Extensions.DependencyInjection; +using Microsoft.Net.Http.Headers; using Xunit; namespace Microsoft.AspNetCore.Identity.InMemory @@ -425,7 +426,7 @@ namespace Microsoft.AspNetCore.Identity.InMemory } if (ajaxRequest) { - request.Headers.Add("X-Requested-With", "XMLHttpRequest"); + request.Headers.Add(HeaderNames.XRequestedWith, "XMLHttpRequest"); } var transaction = new Transaction { diff --git a/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs b/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs index a6bb4e7d1c..a751c3eb53 100644 --- a/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs +++ b/src/Security/Authentication/Cookies/src/CookieAuthenticationEvents.cs 
@@ -9,7 +9,7 @@ using Microsoft.Net.Http.Headers; namespace Microsoft.AspNetCore.Authentication.Cookies { /// - /// This default implementation of the ICookieAuthenticationEvents may be used if the + /// This default implementation of the ICookieAuthenticationEvents may be used if the /// application only needs to override a few of the interface methods. This may be used as a base class /// or may be instantiated directly. /// @@ -103,9 +103,9 @@ namespace Microsoft.AspNetCore.Authentication.Cookies private static bool IsAjaxRequest(HttpRequest request) { - return string.Equals(request.Query["X-Requested-With"], "XMLHttpRequest", StringComparison.Ordinal) || - string.Equals(request.Headers["X-Requested-With"], "XMLHttpRequest", StringComparison.Ordinal); - } + return string.Equals(request.Query[HeaderNames.XRequestedWith], "XMLHttpRequest", StringComparison.Ordinal) || + string.Equals(request.Headers[HeaderNames.XRequestedWith], "XMLHttpRequest", StringComparison.Ordinal); + } /// /// Implements the interface method by invoking the related delegate method. diff --git a/src/SignalR/clients/csharp/Client/test/UnitTests/HttpConnectionTests.Transport.cs b/src/SignalR/clients/csharp/Client/test/UnitTests/HttpConnectionTests.Transport.cs index 0244af0afd..a15f18faa1 100644 --- a/src/SignalR/clients/csharp/Client/test/UnitTests/HttpConnectionTests.Transport.cs +++ b/src/SignalR/clients/csharp/Client/test/UnitTests/HttpConnectionTests.Transport.cs @@ -15,6 +15,7 @@ using Microsoft.AspNetCore.Http.Connections; using Microsoft.AspNetCore.Http.Connections.Client; using Microsoft.AspNetCore.Http.Connections.Client.Internal; using Microsoft.AspNetCore.SignalR.Tests; +using Microsoft.Net.Http.Headers; using Xunit; namespace Microsoft.AspNetCore.SignalR.Client.Tests 
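Review bot: In `IsAjaxRequest`, `request.Query[HeaderNames.XRequestedWith]` now uses a header-name constant as a query-string key, which reads like a header lookup and hides that the AJAX decision can be set from the URL alone. Both the query value and the header are client-supplied, so the result should only select the response shape and never be taken as proof of a same-origin or scripted request; the callers are outside this hunk, so how the result is used is not visible here. A comment above the return would make that explicit, for example `// Query key deliberately matches the header name; both are client-controlled, so this is a hint for response shape, not a CSRF or auth check.` The closing-brace line of the method is also rewritten with what looks like a whitespace-only change, which is worth reverting if it was unintended.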
@@ -162,7 +163,7 @@ namespace Microsoft.AspNetCore.SignalR.Client.Tests testHttpHandler.OnRequest(async (request, next, token) => { - var requestedWithHeader = request.Headers.GetValues("X-Requested-With"); + var requestedWithHeader = request.Headers.GetValues(HeaderNames.XRequestedWith); var requestedWithValue = Assert.Single(requestedWithHeader); Assert.Equal("XMLHttpRequest", requestedWithValue); diff --git a/src/SignalR/server/SignalR/test/WebSocketsTransportTests.cs b/src/SignalR/server/SignalR/test/WebSocketsTransportTests.cs index 70b985851f..2c059c3edc 100644 --- a/src/SignalR/server/SignalR/test/WebSocketsTransportTests.cs +++ b/src/SignalR/server/SignalR/test/WebSocketsTransportTests.cs @@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Connections; using Microsoft.AspNetCore.Http.Connections.Client; using Microsoft.AspNetCore.Http.Connections.Client.Internal; using Microsoft.AspNetCore.Testing; +using Microsoft.Net.Http.Headers; using Moq; using Xunit; @@ -103,7 +104,7 @@ namespace Microsoft.AspNetCore.SignalR.Tests await webSocketsTransport.StartAsync(new Uri(server.WebSocketsUrl + "/httpheader"), TransferFormat.Binary).OrTimeout(); - await webSocketsTransport.Output.WriteAsync(Encoding.UTF8.GetBytes("X-Requested-With")); + await webSocketsTransport.Output.WriteAsync(Encoding.UTF8.GetBytes(HeaderNames.XRequestedWith)); // The HTTP header endpoint closes the connection immediately after sending response which should stop the transport await webSocketsTransport.Running.OrTimeout();