PR feedback

2015-12-16 12:48:03 -08:00 · 2015-12-16 12:48:03 -08:00 · bf6406bc2a
parent ea43ce1bb7
commit bf6406bc2a
2 changed files with 10 additions and 16 deletions
--- a/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs
+++ b/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs
@ -11,10 +11,9 @@ namespace Microsoft.AspNet.Antiforgery
    public class AntiforgeryOptions
    {
        private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
-        private const string AntiforgertyTokenHeaderName = "RequestVerificationToken";
+        private const string AntiforgeryTokenHeaderName = "RequestVerificationToken";

        private string _cookieName;
-        private string _headerName = AntiforgertyTokenHeaderName;
        private string _formFieldName = AntiforgeryTokenFieldName;

        /// <summary>
@ -64,11 +63,7 @@ namespace Microsoft.AspNet.Antiforgery
        /// Specifies the name of the header value that is used by the antiforgery system. If <c>null</c> then
        /// antiforgery validation will only consider form data.
        /// </summary>
-        public string HeaderName
-        {
-            get { return _headerName; }
-            set { _headerName = value; }
-        }
+        public string HeaderName { get; set; } = AntiforgeryTokenHeaderName;

        /// <summary>
        /// Specifies whether SSL is required for the antiforgery system
--- a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
+++ b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
@ -123,7 +123,7 @@ namespace Microsoft.AspNet.Antiforgery
            }

            // Are the security tokens embedded in each incoming token identical?
-            if (!Equals(cookieToken.SecurityToken, requestToken.SecurityToken))
+            if (!object.Equals(cookieToken.SecurityToken, requestToken.SecurityToken))
            {
                throw new InvalidOperationException(Resources.AntiforgeryToken_SecurityTokenMismatch);
            }
@ -144,15 +144,14 @@ namespace Microsoft.AspNet.Antiforgery

            // OpenID and other similar authentication schemes use URIs for the username.
            // These should be treated as case-sensitive.
-            var useCaseSensitiveUsernameComparison =
-                currentUsername.StartsWith("http://", StringComparison.OrdinalIgnoreCase) ||
-                currentUsername.StartsWith("https://", StringComparison.OrdinalIgnoreCase);
+            var comparer = StringComparer.OrdinalIgnoreCase;
+            if (currentUsername.StartsWith("http://", StringComparison.OrdinalIgnoreCase) ||
+                currentUsername.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+            {
+                comparer = StringComparer.Ordinal;
+            }

-            if (!string.Equals(requestToken.Username,
-                                currentUsername,
-                                (useCaseSensitiveUsernameComparison) ?
-                                                 StringComparison.Ordinal :
-                                                 StringComparison.OrdinalIgnoreCase))
+            if (!comparer.Equals(requestToken.Username, currentUsername))
            {
                throw new InvalidOperationException(
                    Resources.FormatAntiforgeryToken_UsernameMismatch(requestToken.Username, currentUsername));