Made HttpMethod match case-INsensitive
Related to https://github.com/aspnet/CORS/issues/77
This commit is contained in:
parent
67dce322df
commit
936f5a4f6a
|
|
@ -83,7 +83,7 @@ namespace Microsoft.AspNetCore.Mvc.Cors
|
||||||
if (string.Equals(
|
if (string.Equals(
|
||||||
request.Method,
|
request.Method,
|
||||||
CorsConstants.PreflightHttpMethod,
|
CorsConstants.PreflightHttpMethod,
|
||||||
StringComparison.Ordinal) &&
|
StringComparison.OrdinalIgnoreCase) &&
|
||||||
!StringValues.IsNullOrEmpty(accessControlRequestMethod))
|
!StringValues.IsNullOrEmpty(accessControlRequestMethod))
|
||||||
{
|
{
|
||||||
// If this was a preflight, there is no need to run anything else.
|
// If this was a preflight, there is no need to run anything else.
|
||||||
|
|
|
||||||
|
|
@ -40,7 +40,7 @@ namespace Microsoft.AspNetCore.Mvc.Cors.Internal
|
||||||
if (string.Equals(
|
if (string.Equals(
|
||||||
context.HttpContext.Request.Method,
|
context.HttpContext.Request.Method,
|
||||||
CorsConstants.PreflightHttpMethod,
|
CorsConstants.PreflightHttpMethod,
|
||||||
StringComparison.Ordinal) &&
|
StringComparison.OrdinalIgnoreCase) &&
|
||||||
!StringValues.IsNullOrEmpty(accessControlRequestMethod))
|
!StringValues.IsNullOrEmpty(accessControlRequestMethod))
|
||||||
{
|
{
|
||||||
// Short circuit if the request is preflight as that should not result in action execution.
|
// Short circuit if the request is preflight as that should not result in action execution.
|
||||||
|
|
|
||||||
|
|
@ -20,8 +20,11 @@ namespace Microsoft.AspNetCore.Mvc.Cors
|
||||||
{
|
{
|
||||||
public class CorsAuthorizationFilterTest
|
public class CorsAuthorizationFilterTest
|
||||||
{
|
{
|
||||||
[Fact]
|
[Theory]
|
||||||
public async Task PreFlightRequest_SuccessfulMatch_WritesHeaders()
|
[InlineData("options")]
|
||||||
|
[InlineData("Options")]
|
||||||
|
[InlineData("OPTIONS")]
|
||||||
|
public async Task CaseInsensitive_PreFlightRequest_SuccessfulMatch_WritesHeaders(string preflightRequestMethod)
|
||||||
{
|
{
|
||||||
// Arrange
|
// Arrange
|
||||||
var mockEngine = GetPassingEngine(supportsCredentials:true);
|
var mockEngine = GetPassingEngine(supportsCredentials:true);
|
||||||
|
|
@ -31,6 +34,7 @@ namespace Microsoft.AspNetCore.Mvc.Cors
|
||||||
new[] { new FilterDescriptor(filter, FilterScope.Action) },
|
new[] { new FilterDescriptor(filter, FilterScope.Action) },
|
||||||
GetRequestHeaders(true),
|
GetRequestHeaders(true),
|
||||||
isPreflight: true);
|
isPreflight: true);
|
||||||
|
authorizationContext.HttpContext.Request.Method = preflightRequestMethod;
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
await filter.OnAuthorizationAsync(authorizationContext);
|
await filter.OnAuthorizationAsync(authorizationContext);
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,80 @@
|
||||||
|
// Copyright (c) .NET Foundation. All rights reserved.
|
||||||
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||||
|
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Threading.Tasks;
|
||||||
|
using Microsoft.AspNetCore.Cors.Infrastructure;
|
||||||
|
using Microsoft.AspNetCore.Http;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Abstractions;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Cors.Internal;
|
||||||
|
using Microsoft.AspNetCore.Mvc.Filters;
|
||||||
|
using Microsoft.AspNetCore.Routing;
|
||||||
|
using Xunit;
|
||||||
|
|
||||||
|
namespace Microsoft.AspNetCore.Mvc.Cors
|
||||||
|
{
|
||||||
|
public class DisableCorsAuthorizationFilterTest
|
||||||
|
{
|
||||||
|
[Fact]
|
||||||
|
public async Task DisableCors_DoesNotShortCircuitsRequest_IfNotAPreflightRequest()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var filter = new DisableCorsAuthorizationFilter();
|
||||||
|
var httpContext = new DefaultHttpContext();
|
||||||
|
httpContext.Request.Method = "GET";
|
||||||
|
httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/");
|
||||||
|
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT");
|
||||||
|
var authorizationFilterContext = new AuthorizationFilterContext(
|
||||||
|
new ActionContext(httpContext, new RouteData(), new ActionDescriptor()),
|
||||||
|
new List<IFilterMetadata>());
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await filter.OnAuthorizationAsync(authorizationFilterContext);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(authorizationFilterContext.Result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task DisableCors_DoesNotShortCircuitsRequest_IfNoAccessControlRequestMethodFound()
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var filter = new DisableCorsAuthorizationFilter();
|
||||||
|
var httpContext = new DefaultHttpContext();
|
||||||
|
httpContext.Request.Method = "OPTIONS";
|
||||||
|
httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/");
|
||||||
|
var authorizationFilterContext = new AuthorizationFilterContext(
|
||||||
|
new ActionContext(httpContext, new RouteData(), new ActionDescriptor()),
|
||||||
|
new List<IFilterMetadata>());
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await filter.OnAuthorizationAsync(authorizationFilterContext);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Null(authorizationFilterContext.Result);
|
||||||
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData("OpTions")]
|
||||||
|
[InlineData("OPTIONS")]
|
||||||
|
public async Task DisableCors_CaseInsensitivePreflightMethod_ShortCircuitsRequest(string preflightMethod)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var filter = new DisableCorsAuthorizationFilter();
|
||||||
|
var httpContext = new DefaultHttpContext();
|
||||||
|
httpContext.Request.Method = preflightMethod;
|
||||||
|
httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/");
|
||||||
|
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT");
|
||||||
|
var authorizationFilterContext = new AuthorizationFilterContext(
|
||||||
|
new ActionContext(httpContext, new RouteData(), new ActionDescriptor()),
|
||||||
|
new List<IFilterMetadata>());
|
||||||
|
|
||||||
|
// Act
|
||||||
|
await filter.OnAuthorizationAsync(authorizationFilterContext);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
var statusCodeResult = Assert.IsType<StatusCodeResult>(authorizationFilterContext.Result);
|
||||||
|
Assert.Equal(StatusCodes.Status200OK, statusCodeResult.StatusCode);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue