Log when a request is an OPTIONS request but not a preflight request
Fixes https://github.com/aspnet/AspNetCore/issues/2375
This commit is contained in:
parent
2690a3f621
commit
e6bdf128f2
|
|
@ -92,9 +92,14 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
|
||||||
|
|
||||||
var origin = context.Request.Headers[CorsConstants.Origin];
|
var origin = context.Request.Headers[CorsConstants.Origin];
|
||||||
var requestHeaders = context.Request.Headers;
|
var requestHeaders = context.Request.Headers;
|
||||||
var isPreflightRequest =
|
|
||||||
string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) &&
|
var isOptionsRequest = string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase);
|
||||||
requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
|
var isPreflightRequest = isOptionsRequest && requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
|
||||||
|
|
||||||
|
if (isOptionsRequest && !isPreflightRequest)
|
||||||
|
{
|
||||||
|
_logger.IsNotPreflightRequest();
|
||||||
|
}
|
||||||
|
|
||||||
var corsResult = new CorsResult
|
var corsResult = new CorsResult
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@ namespace Microsoft.AspNetCore.Cors.Internal
|
||||||
private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders;
|
private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders;
|
||||||
private static readonly Action<ILogger, Exception> _noCorsPolicyFound;
|
private static readonly Action<ILogger, Exception> _noCorsPolicyFound;
|
||||||
private static readonly Action<ILogger, Exception> _insecureConfiguration;
|
private static readonly Action<ILogger, Exception> _insecureConfiguration;
|
||||||
|
private static readonly Action<ILogger, Exception> _isNotPreflightRequest;
|
||||||
|
|
||||||
static CORSLoggerExtensions()
|
static CORSLoggerExtensions()
|
||||||
{
|
{
|
||||||
|
|
@ -76,6 +77,11 @@ namespace Microsoft.AspNetCore.Cors.Internal
|
||||||
LogLevel.Warning,
|
LogLevel.Warning,
|
||||||
new EventId(11, "CorsInsecureConfiguration"),
|
new EventId(11, "CorsInsecureConfiguration"),
|
||||||
"The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.");
|
"The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.");
|
||||||
|
|
||||||
|
_isNotPreflightRequest = LoggerMessage.Define(
|
||||||
|
LogLevel.Debug,
|
||||||
|
new EventId(12, "OptionsRequestWithoutAccessControlRequestMethodHeader"),
|
||||||
|
"This request uses the HTTP OPTIONS method but does not have an Access-Control-Request-Method header. This request will not be treated as a CORS preflight request.");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void IsPreflightRequest(this ILogger logger)
|
public static void IsPreflightRequest(this ILogger logger)
|
||||||
|
|
@ -132,5 +138,10 @@ namespace Microsoft.AspNetCore.Cors.Internal
|
||||||
{
|
{
|
||||||
_insecureConfiguration(logger, null);
|
_insecureConfiguration(logger, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void IsNotPreflightRequest(this ILogger logger)
|
||||||
|
{
|
||||||
|
_isNotPreflightRequest(logger, null);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue