Add single csv values so that there is a single response header added per value.

2015-06-23 15:57:09 -07:00 · 2015-06-23 15:57:09 -07:00 · b1ade8f2cf
parent 88fa7fb51a
commit b1ade8f2cf
2 changed files with 44 additions and 31 deletions
--- a/src/Microsoft.AspNet.Cors.Core/CorsService.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsService.cs
@ -137,7 +137,9 @@ namespace Microsoft.AspNet.Cors.Core

                if (nonSimpleAllowMethods.Length > 0)
                {
-                    headers.Add(CorsConstants.AccessControlAllowMethods, nonSimpleAllowMethods);
+                    headers.SetCommaSeparatedValues(
+                        CorsConstants.AccessControlAllowMethods,
+                        nonSimpleAllowMethods);
                }
            }

@ -151,7 +153,9 @@ namespace Microsoft.AspNet.Cors.Core

                if (nonSimpleAllowRequestHeaders.Length > 0)
                {
-                    headers.Add(CorsConstants.AccessControlAllowHeaders, nonSimpleAllowRequestHeaders);
+                    headers.SetCommaSeparatedValues(
+                        CorsConstants.AccessControlAllowHeaders,
+                        nonSimpleAllowRequestHeaders);
                }
            }

@ -162,9 +166,12 @@ namespace Microsoft.AspNet.Cors.Core
                    .Where(header =>
                        !CorsConstants.SimpleResponseHeaders.Contains(header, StringComparer.OrdinalIgnoreCase))
                    .ToArray();
+
                if (nonSimpleAllowResponseHeaders.Length > 0)
                {
-                    headers.Add(CorsConstants.AccessControlExposeHeaders, nonSimpleAllowResponseHeaders.ToArray());
+                    headers.SetCommaSeparatedValues(
+                        CorsConstants.AccessControlExposeHeaders,
+                        nonSimpleAllowResponseHeaders);
                }
            }

--- a/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
+++ b/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
@ -643,6 +643,8 @@ namespace Microsoft.AspNet.Cors.Core.Test

            // Assert
            Assert.Contains("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
+            var value = Assert.Single(httpContext.Response.Headers.Values);
+            Assert.Equal(new[] { "PUT,DELETE" }, value);
            var methods = httpContext.Response.Headers["Access-Control-Allow-Methods"].Split(',');
            Assert.Equal(2, methods.Length);
            Assert.Contains("PUT", methods);
@ -721,6 +723,8 @@ namespace Microsoft.AspNet.Cors.Core.Test

            // Assert
            Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
+            var value = Assert.Single(httpContext.Response.Headers.Values);
+            Assert.Equal(new[] { "foo,bar,baz" }, value);
            string[] headerValues = httpContext.Response.Headers["Access-Control-Allow-Headers"].Split(',');
            Assert.Equal(3, headerValues.Length);
            Assert.Contains("foo", headerValues);
@ -824,6 +828,8 @@ namespace Microsoft.AspNet.Cors.Core.Test

            // Assert
            Assert.Contains("Access-Control-Expose-Headers", httpContext.Response.Headers.Keys);
+            var value = Assert.Single(httpContext.Response.Headers.Values);
+            Assert.Equal(new[] { "foo,bar,baz" }, value);
            string[] exposedHeaderValues = httpContext.Response.Headers["Access-Control-Expose-Headers"].Split(',');
            Assert.Equal(3, exposedHeaderValues.Length);
            Assert.Contains("foo", exposedHeaderValues);