From bf6406bc2a9127c11c41b2ef048ee527a8be871c Mon Sep 17 00:00:00 2001
From: Ryan Nowak
Date: Wed, 16 Dec 2015 12:48:03 -0800
Subject: [PATCH] PR feedback
---
 .../AntiforgeryOptions.cs | 9 ++-------
 .../DefaultAntiforgeryTokenGenerator.cs | 17 ++++++++---------
 2 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs b/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs
index 2308e36699..49656dd068 100644
--- a/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs
+++ b/src/Microsoft.AspNet.Antiforgery/AntiforgeryOptions.cs
@@ -11,10 +11,9 @@ namespace Microsoft.AspNet.Antiforgery
 public class AntiforgeryOptions
 {
 private const string AntiforgeryTokenFieldName = "__RequestVerificationToken";
- private const string AntiforgertyTokenHeaderName = "RequestVerificationToken";
+ private const string AntiforgeryTokenHeaderName = "RequestVerificationToken";
 private string _cookieName;
- private string _headerName = AntiforgertyTokenHeaderName;
 private string _formFieldName = AntiforgeryTokenFieldName;
 ///
@@ -64,11 +63,7 @@ namespace Microsoft.AspNet.Antiforgery
 /// Specifies the name of the header value that is used by the antiforgery system. If null then
 /// antiforgery validation will only consider form data.
 ///
- public string HeaderName
- {
- get { return _headerName; }
- set { _headerName = value; }
- }
+ public string HeaderName { get; set; } = AntiforgeryTokenHeaderName;
 ///
 /// Specifies whether SSL is required for the antiforgery system
diff --git a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
index 32a2581f71..8cd2160238 100644
--- a/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
+++ b/src/Microsoft.AspNet.Antiforgery/DefaultAntiforgeryTokenGenerator.cs
@@ -123,7 +123,7 @@ namespace Microsoft.AspNet.Antiforgery
 }
 // Are the security tokens embedded in each incoming token identical?
- if (!Equals(cookieToken.SecurityToken, requestToken.SecurityToken))
+ if (!object.Equals(cookieToken.SecurityToken, requestToken.SecurityToken))
 {
 throw new InvalidOperationException(Resources.AntiforgeryToken_SecurityTokenMismatch);
 }
@@ -144,15 +144,14 @@ namespace Microsoft.AspNet.Antiforgery
 // OpenID and other similar authentication schemes use URIs for the username.
 // These should be treated as case-sensitive.
- var useCaseSensitiveUsernameComparison =
- currentUsername.StartsWith("http://", StringComparison.OrdinalIgnoreCase) ||
- currentUsername.StartsWith("https://", StringComparison.OrdinalIgnoreCase);
+ var comparer = StringComparer.OrdinalIgnoreCase;
+ if (currentUsername.StartsWith("http://", StringComparison.OrdinalIgnoreCase) ||
+ currentUsername.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
+ {
+ comparer = StringComparer.Ordinal;
+ }
- if (!string.Equals(requestToken.Username,
- currentUsername,
- (useCaseSensitiveUsernameComparison) ?
- StringComparison.Ordinal :
- StringComparison.OrdinalIgnoreCase))
+ if (!comparer.Equals(requestToken.Username, currentUsername))
 {
 throw new InvalidOperationException(
 Resources.FormatAntiforgeryToken_UsernameMismatch(requestToken.Username, currentUsername));
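Review bot: In the `@@ -123` hunk, `object.Equals(cookieToken.SecurityToken, requestToken.SecurityToken)` returns true when both operands are null and otherwise defers to the `Equals` override of the SecurityToken type; neither the null handling nor that override is visible here. This check binds the cookie token to the request token, so unless the property is guaranteed non-null I would fail closed explicitly with `if (cookieToken.SecurityToken == null || !object.Equals(cookieToken.SecurityToken, requestToken.SecurityToken))`. A one-line comment saying that the override compares the token bytes by value, and whether it does so in fixed time, would also help the next reader. The enclosing method starts and ends outside the hunk.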
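Review bot: In the `@@ -144` hunk the default `var comparer = StringComparer.OrdinalIgnoreCase;` carries no comment, and the existing comment explains only the case-sensitive URI branch. With the case-insensitive default, a token issued for one username validates for any username that differs only in case, which is sound only if the identity store treats such names as the same account. I would say so next to the default: `// Non-URI usernames: ordinal, case-insensitive; assumes the identity store is case-insensitive too.` `currentUsername` is dereferenced by `StartsWith`, so it is presumably normalised to non-null above the hunk; the method body continues outside it.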