From 9a3aacb56af7221bfb29d851ee6b7c883650ddf6 Mon Sep 17 00:00:00 2001
From: Kahbazi
Date: Thu, 12 Dec 2019 09:10:27 +0330
Subject: [PATCH] Replace string.Equals with HttpMethods.IsX (#17805)
---
src/Antiforgery/src/Internal/DefaultAntiforgery.cs | 8 ++++----
src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs | 5 +----
src/Middleware/CORS/src/Infrastructure/CorsService.cs | 2 +-
.../HttpOverrides/src/HttpMethodOverrideMiddleware.cs | 2 +-
.../ResponseCaching/src/ResponseCachingMiddleware.cs | 2 +-
src/Mvc/Mvc.Core/src/BindPropertyAttribute.cs | 3 ++-
src/Mvc/Mvc.Core/src/RequireHttpsAttribute.cs | 2 +-
src/Mvc/Mvc.Cors/src/CorsAuthorizationFilter.cs | 7 ++-----
src/Mvc/Mvc.Cors/src/CorsHttpMethodActionConstraint.cs | 3 +--
src/Mvc/Mvc.ViewFeatures/src/DefaultHtmlGenerator.cs | 3 ++-
.../AutoValidateAntiforgeryTokenAuthorizationFilter.cs | 9 +++++----
.../JwtBearer/samples/JwtBearerSample/Startup.cs | 2 +-
.../OpenIdConnect/src/OpenIdConnectHandler.cs | 8 ++++----
.../Kestrel/test/Interop.FunctionalTests/ChromeTests.cs | 2 +-
src/SignalR/clients/ts/FunctionalTests/Startup.cs | 2 +-
15 files changed, 28 insertions(+), 32 deletions(-)
diff --git a/src/Antiforgery/src/Internal/DefaultAntiforgery.cs b/src/Antiforgery/src/Internal/DefaultAntiforgery.cs
index 3fab8af560..f88d18bf8a 100644
--- a/src/Antiforgery/src/Internal/DefaultAntiforgery.cs
+++ b/src/Antiforgery/src/Internal/DefaultAntiforgery.cs
@@ -102,10 +102,10 @@ namespace Microsoft.AspNetCore.Antiforgery CheckSSLConfig(httpContext); var method = httpContext.Request.Method; - if (string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase) || - string.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase) || - string.Equals(method, "OPTIONS", StringComparison.OrdinalIgnoreCase) || - string.Equals(method, "TRACE", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsGet(method) || + HttpMethods.IsHead(method) || + HttpMethods.IsOptions(method) || + HttpMethods.IsTrace(method)) { // Validation not needed for these request types. return true; diff --git a/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs b/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs index 58409f11e5..2eece1f8e1 100644 --- a/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs +++ b/src/Middleware/CORS/src/Infrastructure/CorsMiddleware.cs @@ -143,10 +143,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure if (corsMetadata is IDisableCorsAttribute) { - var isOptionsRequest = string.Equals( - context.Request.Method, - CorsConstants.PreflightHttpMethod, - StringComparison.OrdinalIgnoreCase); + var isOptionsRequest = HttpMethods.IsOptions(context.Request.Method); var isCorsPreflightRequest = isOptionsRequest && context.Request.Headers.ContainsKey(CorsConstants.AccessControlRequestMethod); diff --git a/src/Middleware/CORS/src/Infrastructure/CorsService.cs b/src/Middleware/CORS/src/Infrastructure/CorsService.cs index 7552d81574..8ed5ca318c 100644 --- a/src/Middleware/CORS/src/Infrastructure/CorsService.cs +++ b/src/Middleware/CORS/src/Infrastructure/CorsService.cs 
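Review bot: The set of methods that return early without antiforgery validation in the DefaultAntiforgery.cs hunk (GET, HEAD, OPTIONS, TRACE) is written out a second time in the @@ -23,10 hunk of AutoValidateAntiforgeryTokenAuthorizationFilter.cs, in a different order, and nothing ties the two copies together. If one list is edited without the other, the service and the filter will disagree on which requests need a token. A comment on both copies would make the coupling visible, e.g. `// Safe methods per RFC 7231 §4.2.1; keep in sync with AutoValidateAntiforgeryTokenAuthorizationFilter.` The enclosing method starts and ends outside the hunk.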
@@ -81,7 +81,7 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure var requestHeaders = context.Request.Headers; var origin = requestHeaders[CorsConstants.Origin]; - var isOptionsRequest = string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase); + var isOptionsRequest = HttpMethods.IsOptions(context.Request.Method); var isPreflightRequest = isOptionsRequest && requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod); if (isOptionsRequest && !isPreflightRequest) diff --git a/src/Middleware/HttpOverrides/src/HttpMethodOverrideMiddleware.cs b/src/Middleware/HttpOverrides/src/HttpMethodOverrideMiddleware.cs index 60965e50b1..6fc75b7a36 100644 --- a/src/Middleware/HttpOverrides/src/HttpMethodOverrideMiddleware.cs +++ b/src/Middleware/HttpOverrides/src/HttpMethodOverrideMiddleware.cs @@ -31,7 +31,7 @@ namespace Microsoft.AspNetCore.HttpOverrides public async Task Invoke(HttpContext context) { - if (string.Equals(context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsPost(context.Request.Method)) { if (_options.FormFieldName != null) { diff --git a/src/Middleware/ResponseCaching/src/ResponseCachingMiddleware.cs b/src/Middleware/ResponseCaching/src/ResponseCachingMiddleware.cs index c64d7c27d8..758bcb1d85 100644 --- a/src/Middleware/ResponseCaching/src/ResponseCachingMiddleware.cs +++ b/src/Middleware/ResponseCaching/src/ResponseCachingMiddleware.cs @@ -346,7 +346,7 @@ namespace Microsoft.AspNetCore.ResponseCaching var bufferStream = context.ResponseCachingStream.GetBufferStream(); if (!contentLength.HasValue || contentLength == bufferStream.Length || (bufferStream.Length == 0 - && string.Equals(context.HttpContext.Request.Method, "HEAD", StringComparison.OrdinalIgnoreCase))) + && HttpMethods.IsHead(context.HttpContext.Request.Method))) { var response = context.HttpContext.Response; // Add a content-length if required 
diff --git a/src/Mvc/Mvc.Core/src/BindPropertyAttribute.cs b/src/Mvc/Mvc.Core/src/BindPropertyAttribute.cs index 0760f0aa03..434a3166f9 100644 --- a/src/Mvc/Mvc.Core/src/BindPropertyAttribute.cs +++ b/src/Mvc/Mvc.Core/src/BindPropertyAttribute.cs @@ -2,6 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc.Core; using Microsoft.AspNetCore.Mvc.ModelBinding; @@ -83,7 +84,7 @@ namespace Microsoft.AspNetCore.Mvc private static bool IsNonGetRequest(ActionContext context) { - return !string.Equals(context.HttpContext.Request.Method, "GET", StringComparison.OrdinalIgnoreCase); + return !HttpMethods.IsGet(context.HttpContext.Request.Method); } } } diff --git a/src/Mvc/Mvc.Core/src/RequireHttpsAttribute.cs b/src/Mvc/Mvc.Core/src/RequireHttpsAttribute.cs index f8f9c19c01..da616af153 100644 --- a/src/Mvc/Mvc.Core/src/RequireHttpsAttribute.cs +++ b/src/Mvc/Mvc.Core/src/RequireHttpsAttribute.cs @@ -67,7 +67,7 @@ namespace Microsoft.AspNetCore.Mvc { // only redirect for GET requests, otherwise the browser might not propagate the verb and request // body correctly. - if (!string.Equals(filterContext.HttpContext.Request.Method, "GET", StringComparison.OrdinalIgnoreCase)) + if (!HttpMethods.IsGet(filterContext.HttpContext.Request.Method)) { filterContext.Result = new StatusCodeResult(StatusCodes.Status403Forbidden); } diff --git a/src/Mvc/Mvc.Cors/src/CorsAuthorizationFilter.cs b/src/Mvc/Mvc.Cors/src/CorsAuthorizationFilter.cs index f40003abd6..2ad0f3ebb4 100644 --- a/src/Mvc/Mvc.Cors/src/CorsAuthorizationFilter.cs +++ b/src/Mvc/Mvc.Cors/src/CorsAuthorizationFilter.cs 
@@ -103,11 +103,8 @@ namespace Microsoft.AspNetCore.Mvc.Cors var accessControlRequestMethod = httpContext.Request.Headers[CorsConstants.AccessControlRequestMethod]; - if (string.Equals( - request.Method, - CorsConstants.PreflightHttpMethod, - StringComparison.OrdinalIgnoreCase) && - !StringValues.IsNullOrEmpty(accessControlRequestMethod)) + if (HttpMethods.IsOptions(request.Method) + && !StringValues.IsNullOrEmpty(accessControlRequestMethod)) { // If this was a preflight, there is no need to run anything else. context.Result = new StatusCodeResult(StatusCodes.Status204NoContent); diff --git a/src/Mvc/Mvc.Cors/src/CorsHttpMethodActionConstraint.cs b/src/Mvc/Mvc.Cors/src/CorsHttpMethodActionConstraint.cs index cab2f0c676..4fb9a22f68 100644 --- a/src/Mvc/Mvc.Cors/src/CorsHttpMethodActionConstraint.cs +++ b/src/Mvc/Mvc.Cors/src/CorsHttpMethodActionConstraint.cs @@ -12,7 +12,6 @@ namespace Microsoft.AspNetCore.Mvc.Cors { private readonly string OriginHeader = "Origin"; private readonly string AccessControlRequestMethod = "Access-Control-Request-Method"; - private readonly string PreflightHttpMethod = "OPTIONS"; public CorsHttpMethodActionConstraint(HttpMethodActionConstraint constraint) : base(constraint.HttpMethods) @@ -34,7 +33,7 @@ namespace Microsoft.AspNetCore.Mvc.Cors var request = context.RouteContext.HttpContext.Request; // Perf: Check http method before accessing the Headers collection. - if (string.Equals(request.Method, PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) && + if (Http.HttpMethods.IsOptions(request.Method) && request.Headers.ContainsKey(OriginHeader) && request.Headers.TryGetValue(AccessControlRequestMethod, out var accessControlRequestMethod) && !StringValues.IsNullOrEmpty(accessControlRequestMethod)) diff --git a/src/Mvc/Mvc.ViewFeatures/src/DefaultHtmlGenerator.cs b/src/Mvc/Mvc.ViewFeatures/src/DefaultHtmlGenerator.cs index d546c59e4e..4169b94cba 100644 --- a/src/Mvc/Mvc.ViewFeatures/src/DefaultHtmlGenerator.cs 
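Review bot: The call `Http.HttpMethods.IsOptions(request.Method)` in the @@ -34,7 hunk of CorsHttpMethodActionConstraint.cs uses a partial namespace qualifier that no other file in this commit needs, and nothing explains why. The constructor in the preceding hunk passes `constraint.HttpMethods` to the base class, so the bare name `HttpMethods` presumably binds to an inherited member here. That reason should be stated next to the call, e.g. `// Qualified: unqualified HttpMethods resolves to the inherited member, not Microsoft.AspNetCore.Http.HttpMethods.` Writing the full `Microsoft.AspNetCore.Http.HttpMethods` would also stop the call depending on how `Http` resolves from the enclosing namespace. The method body continues outside the hunk.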
+++ b/src/Mvc/Mvc.ViewFeatures/src/DefaultHtmlGenerator.cs @@ -12,6 +12,7 @@ using System.Reflection; using System.Text.Encodings.Web; using Microsoft.AspNetCore.Antiforgery; using Microsoft.AspNetCore.Html; +using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc.ModelBinding; using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Mvc.Routing; @@ -307,7 +308,7 @@ namespace Microsoft.AspNetCore.Mvc.ViewFeatures { defaultMethod = true; } - else if (string.Equals(method, "post", StringComparison.OrdinalIgnoreCase)) + else if (HttpMethods.IsPost(method)) { defaultMethod = true; } diff --git a/src/Mvc/Mvc.ViewFeatures/src/Filters/AutoValidateAntiforgeryTokenAuthorizationFilter.cs b/src/Mvc/Mvc.ViewFeatures/src/Filters/AutoValidateAntiforgeryTokenAuthorizationFilter.cs index 032fa98ec6..80cbd6b3f6 100644 --- a/src/Mvc/Mvc.ViewFeatures/src/Filters/AutoValidateAntiforgeryTokenAuthorizationFilter.cs +++ b/src/Mvc/Mvc.ViewFeatures/src/Filters/AutoValidateAntiforgeryTokenAuthorizationFilter.cs @@ -3,6 +3,7 @@ using System; using Microsoft.AspNetCore.Antiforgery; +using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.Extensions.Logging; @@ -23,10 +24,10 @@ namespace Microsoft.AspNetCore.Mvc.ViewFeatures.Filters } var method = context.HttpContext.Request.Method; - if (string.Equals("GET", method, StringComparison.OrdinalIgnoreCase) || - string.Equals("HEAD", method, StringComparison.OrdinalIgnoreCase) || - string.Equals("TRACE", method, StringComparison.OrdinalIgnoreCase) || - string.Equals("OPTIONS", method, StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsGet(method) || + HttpMethods.IsHead(method) || + HttpMethods.IsTrace(method) || + HttpMethods.IsOptions(method)) { return false; } diff --git a/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/Startup.cs b/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/Startup.cs index 65a3e40f7a..4f8831b29e 100644 
--- a/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/Startup.cs +++ b/src/Security/Authentication/JwtBearer/samples/JwtBearerSample/Startup.cs @@ -78,7 +78,7 @@ namespace JwtBearerSample todoApp.Run(async context => { var response = context.Response; - if (context.Request.Method.Equals("POST", System.StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsPost(context.Request.Method)) { var reader = new StreamReader(context.Request.Body); var body = await reader.ReadToEndAsync(); diff --git a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs index 65ad366a50..10085f5cea 100644 --- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs +++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs @@ -78,13 +78,13 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect { OpenIdConnectMessage message = null; - if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsGet(Request.Method)) { message = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair(pair.Key, pair.Value))); } // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small. - else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase) + else if (HttpMethods.IsPost(Request.Method) && !string.IsNullOrEmpty(Request.ContentType) // May have media/type; charset=utf-8, allow partial match. && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) 
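Review bot: The comment above the POST branch in the OpenIdConnectHandler.cs @@ -78,13 hunk, `assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small`, states a size assumption that no visible line enforces. The visible part of the condition checks only the request method and the Content-Type prefix, both of which the sender controls. The condition runs past the end of the hunk, so a bound may exist there or in server configuration, but the comment should name it, e.g. `// Body size is bounded by <limit that applies here>, not by the Content-Type.` The same comment and branch appear in the @@ -501,7 hunk of this file.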
@@ -482,7 +482,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect OpenIdConnectMessage authorizationResponse = null; - if (string.Equals(Request.Method, "GET", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsGet(Request.Method)) { authorizationResponse = new OpenIdConnectMessage(Request.Query.Select(pair => new KeyValuePair(pair.Key, pair.Value))); @@ -501,7 +501,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect } } // assumption: if the ContentType is "application/x-www-form-urlencoded" it should be safe to read as it is small. - else if (string.Equals(Request.Method, "POST", StringComparison.OrdinalIgnoreCase) + else if (HttpMethods.IsPost(Request.Method) && !string.IsNullOrEmpty(Request.ContentType) // May have media/type; charset=utf-8, allow partial match. && Request.ContentType.StartsWith("application/x-www-form-urlencoded", StringComparison.OrdinalIgnoreCase) diff --git a/src/Servers/Kestrel/test/Interop.FunctionalTests/ChromeTests.cs b/src/Servers/Kestrel/test/Interop.FunctionalTests/ChromeTests.cs index de82af3a98..9ca98c4815 100644 --- a/src/Servers/Kestrel/test/Interop.FunctionalTests/ChromeTests.cs +++ b/src/Servers/Kestrel/test/Interop.FunctionalTests/ChromeTests.cs @@ -83,7 +83,7 @@ namespace Interop.FunctionalTests .ConfigureServices(AddTestLogging) .Configure(app => app.Run(async context => { - if (string.Equals(context.Request.Query["TestMethod"], "POST", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsPost(context.Request.Query["TestMethod"])) { await context.Response.WriteAsync(_postHtml); } diff --git a/src/SignalR/clients/ts/FunctionalTests/Startup.cs b/src/SignalR/clients/ts/FunctionalTests/Startup.cs index a7ad5a3886..747d99305d 100644 --- a/src/SignalR/clients/ts/FunctionalTests/Startup.cs +++ b/src/SignalR/clients/ts/FunctionalTests/Startup.cs 
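Review bot: In the ChromeTests.cs hunk, `HttpMethods.IsPost(context.Request.Query["TestMethod"])` applies an HTTP-method helper to a query-string value, so the line reads as if the request's own method were being tested. A named local would keep the intent visible: `var testMethod = context.Request.Query["TestMethod"].ToString();` followed by `if (HttpMethods.IsPost(testMethod))`. The lambda continues outside the hunk.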
@@ -136,7 +136,7 @@ namespace FunctionalTests } } - if (string.Equals(context.Request.Method, "OPTIONS", StringComparison.OrdinalIgnoreCase)) + if (HttpMethods.IsOptions(context.Request.Method)) { context.Response.StatusCode = StatusCodes.Status204NoContent; return Task.CompletedTask;