Add single csv values so that there is a single response header added per value.
This commit is contained in:
parent
88fa7fb51a
commit
b1ade8f2cf
|
|
@ -93,8 +93,8 @@ namespace Microsoft.AspNet.Cors.Core
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!policy.AllowAnyHeader &&
|
if (!policy.AllowAnyHeader &&
|
||||||
requestHeaders != null &&
|
requestHeaders != null &&
|
||||||
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
|
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
|
||||||
{
|
{
|
||||||
return;
|
return;
|
||||||
|
|
@ -137,7 +137,9 @@ namespace Microsoft.AspNet.Cors.Core
|
||||||
|
|
||||||
if (nonSimpleAllowMethods.Length > 0)
|
if (nonSimpleAllowMethods.Length > 0)
|
||||||
{
|
{
|
||||||
headers.Add(CorsConstants.AccessControlAllowMethods, nonSimpleAllowMethods);
|
headers.SetCommaSeparatedValues(
|
||||||
|
CorsConstants.AccessControlAllowMethods,
|
||||||
|
nonSimpleAllowMethods);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -151,7 +153,9 @@ namespace Microsoft.AspNet.Cors.Core
|
||||||
|
|
||||||
if (nonSimpleAllowRequestHeaders.Length > 0)
|
if (nonSimpleAllowRequestHeaders.Length > 0)
|
||||||
{
|
{
|
||||||
headers.Add(CorsConstants.AccessControlAllowHeaders, nonSimpleAllowRequestHeaders);
|
headers.SetCommaSeparatedValues(
|
||||||
|
CorsConstants.AccessControlAllowHeaders,
|
||||||
|
nonSimpleAllowRequestHeaders);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -162,9 +166,12 @@ namespace Microsoft.AspNet.Cors.Core
|
||||||
.Where(header =>
|
.Where(header =>
|
||||||
!CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase))
|
!CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase))
|
||||||
.ToArray();
|
.ToArray();
|
||||||
|
|
||||||
if (nonSimpleAllowResponseHeaders.Length > 0)
|
if (nonSimpleAllowResponseHeaders.Length > 0)
|
||||||
{
|
{
|
||||||
headers.Add(CorsConstants.AccessControlExposeHeaders, nonSimpleAllowResponseHeaders.ToArray());
|
headers.SetCommaSeparatedValues(
|
||||||
|
CorsConstants.AccessControlExposeHeaders,
|
||||||
|
nonSimpleAllowResponseHeaders);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(requestContext, new CorsPolicy());
|
var result = corsService.EvaluatePolicy(requestContext, new CorsPolicy());
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Null(result.AllowedOrigin);
|
Assert.Null(result.AllowedOrigin);
|
||||||
Assert.False(result.VaryByOrigin);
|
Assert.False(result.VaryByOrigin);
|
||||||
|
|
@ -303,7 +303,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(TimeSpan.FromSeconds(10), result.PreflightMaxAge);
|
Assert.Equal(TimeSpan.FromSeconds(10), result.PreflightMaxAge);
|
||||||
}
|
}
|
||||||
|
|
@ -380,7 +380,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(2, result.AllowedHeaders.Count);
|
Assert.Equal(2, result.AllowedHeaders.Count);
|
||||||
Assert.Contains("foo", result.AllowedHeaders);
|
Assert.Contains("foo", result.AllowedHeaders);
|
||||||
|
|
@ -430,7 +430,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(requestContext, policy);
|
var result = corsService.EvaluatePolicy(requestContext, policy);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Empty(result.AllowedHeaders);
|
Assert.Empty(result.AllowedHeaders);
|
||||||
Assert.Empty(result.AllowedMethods);
|
Assert.Empty(result.AllowedMethods);
|
||||||
|
|
@ -447,7 +447,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var policy = new CorsPolicy();
|
var policy = new CorsPolicy();
|
||||||
policy.Methods.Add("POST");
|
policy.Methods.Add("POST");
|
||||||
var httpContext = GetHttpContext(origin: null, accessControlRequestMethod: "post");
|
var httpContext = GetHttpContext(origin: null, accessControlRequestMethod: "post");
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var result = corsService.EvaluatePolicy(httpContext, policy);
|
var result = corsService.EvaluatePolicy(httpContext, policy);
|
||||||
|
|
||||||
|
|
@ -487,7 +487,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -506,7 +506,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -525,7 +525,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -543,7 +543,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
|
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
|
|
@ -563,7 +563,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -582,7 +582,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -601,7 +601,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -618,7 +618,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -638,11 +638,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Contains("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
|
Assert.Contains("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
|
||||||
|
var value = Assert.Single(httpContext.Response.Headers.Values);
|
||||||
|
Assert.Equal(new[] { "PUT,DELETE" }, value);
|
||||||
var methods = httpContext.Response.Headers["Access-Control-Allow-Methods"].Split(',');
|
var methods = httpContext.Response.Headers["Access-Control-Allow-Methods"].Split(',');
|
||||||
Assert.Equal(2, methods.Length);
|
Assert.Equal(2, methods.Length);
|
||||||
Assert.Contains("PUT", methods);
|
Assert.Contains("PUT", methods);
|
||||||
|
|
@ -661,7 +663,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -680,7 +682,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -697,7 +699,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -716,11 +718,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
|
Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
|
||||||
|
var value = Assert.Single(httpContext.Response.Headers.Values);
|
||||||
|
Assert.Equal(new[] { "foo,bar,baz" }, value);
|
||||||
string[] headerValues = httpContext.Response.Headers["Access-Control-Allow-Headers"].Split(',');
|
string[] headerValues = httpContext.Response.Headers["Access-Control-Allow-Headers"].Split(',');
|
||||||
Assert.Equal(3, headerValues.Length);
|
Assert.Equal(3, headerValues.Length);
|
||||||
Assert.Contains("foo", headerValues);
|
Assert.Contains("foo", headerValues);
|
||||||
|
|
@ -741,7 +745,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -764,7 +768,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -783,7 +787,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -800,7 +804,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -819,11 +823,13 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Contains("Access-Control-Expose-Headers", httpContext.Response.Headers.Keys);
|
Assert.Contains("Access-Control-Expose-Headers", httpContext.Response.Headers.Keys);
|
||||||
|
var value = Assert.Single(httpContext.Response.Headers.Values);
|
||||||
|
Assert.Equal(new[] { "foo,bar,baz" }, value);
|
||||||
string[] exposedHeaderValues = httpContext.Response.Headers["Access-Control-Expose-Headers"].Split(',');
|
string[] exposedHeaderValues = httpContext.Response.Headers["Access-Control-Expose-Headers"].Split(',');
|
||||||
Assert.Equal(3, exposedHeaderValues.Length);
|
Assert.Equal(3, exposedHeaderValues.Length);
|
||||||
Assert.Contains("foo", exposedHeaderValues);
|
Assert.Contains("foo", exposedHeaderValues);
|
||||||
|
|
@ -843,7 +849,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
|
|
@ -861,14 +867,14 @@ namespace Microsoft.AspNet.Cors.Core.Test
|
||||||
var httpContext = new DefaultHttpContext();
|
var httpContext = new DefaultHttpContext();
|
||||||
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
var service = new CorsService(Mock.Of<IOptions<CorsOptions>>());
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
service.ApplyResult(result, httpContext.Response);
|
service.ApplyResult(result, httpContext.Response);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal("30", httpContext.Response.Headers["Access-Control-Max-Age"]);
|
Assert.Equal("30", httpContext.Response.Headers["Access-Control-Max-Age"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
private static HttpContext GetHttpContext(
|
private static HttpContext GetHttpContext(
|
||||||
string method = null,
|
string method = null,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue