diff --git a/src/Microsoft.AspNet.Cors.Core/CorsService.cs b/src/Microsoft.AspNet.Cors.Core/CorsService.cs
index 3bfac415ff..3be0a1663b 100644
--- a/src/Microsoft.AspNet.Cors.Core/CorsService.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsService.cs
@@ -3,10 +3,12 @@
using System;
using System.Collections.Generic;
+using System.Globalization;
using System.Linq;
using Microsoft.AspNet.Http;
using Microsoft.Framework.Internal;
using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.Primitives;
namespace Microsoft.AspNet.Cors.Core
{
@@ -33,7 +35,7 @@ namespace Microsoft.AspNet.Cors.Core
///
///
/// A which contains the result of policy evaluation and can be
- /// used by the caller to set apporpriate response headers.
+ /// used by the caller to set appropriate response headers.
public CorsResult EvaluatePolicy([NotNull] HttpContext context, string policyName)
{
var policy = _options.GetPolicy(policyName);
@@ -44,9 +46,9 @@ namespace Microsoft.AspNet.Cors.Core
public CorsResult EvaluatePolicy([NotNull] HttpContext context, [NotNull] CorsPolicy policy)
{
var corsResult = new CorsResult();
- var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
+ var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
if (string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.Ordinal) &&
- accessControlRequestMethod != null)
+ !StringValues.IsNullOrEmpty(accessControlRequestMethod))
{
EvaluatePreflightRequest(context, policy, corsResult);
}
@@ -60,8 +62,8 @@ namespace Microsoft.AspNet.Cors.Core
public virtual void EvaluateRequest(HttpContext context, CorsPolicy policy, CorsResult result)
{
- var origin = context.Request.Headers.Get(CorsConstants.Origin);
- if (origin == null || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin))
+ var origin = context.Request.Headers[CorsConstants.Origin];
+ if (StringValues.IsNullOrEmpty(origin) || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin))
{
return;
}
@@ -73,14 +75,14 @@ namespace Microsoft.AspNet.Cors.Core
public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy policy, CorsResult result)
{
- var origin = context.Request.Headers.Get(CorsConstants.Origin);
- if (origin == null || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin))
+ var origin = context.Request.Headers[CorsConstants.Origin];
+ if (StringValues.IsNullOrEmpty(origin) || !policy.AllowAnyOrigin && !policy.Origins.Contains(origin))
{
return;
}
- var accessControlRequestMethod = context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
- if (accessControlRequestMethod == null)
+ var accessControlRequestMethod = context.Request.Headers[CorsConstants.AccessControlRequestMethod];
+ if (StringValues.IsNullOrEmpty(accessControlRequestMethod))
{
return;
}
@@ -114,17 +116,17 @@ namespace Microsoft.AspNet.Cors.Core
if (result.AllowedOrigin != null)
{
- headers.Add(CorsConstants.AccessControlAllowOrigin, new[] { result.AllowedOrigin });
+ headers[CorsConstants.AccessControlAllowOrigin] = result.AllowedOrigin;
}
if (result.VaryByOrigin)
{
- headers.Set("Vary", "Origin");
+ headers["Vary"] = "Origin";
}
if (result.SupportsCredentials)
{
- headers.Add(CorsConstants.AccessControlAllowCredentials, new[] { "true" });
+ headers[CorsConstants.AccessControlAllowCredentials] = "true";
}
if (result.AllowedMethods.Count > 0)
@@ -177,9 +179,8 @@ namespace Microsoft.AspNet.Cors.Core
if (result.PreflightMaxAge.HasValue)
{
- headers.Set(
- CorsConstants.AccessControlMaxAge,
- result.PreflightMaxAge.Value.TotalSeconds.ToString());
+ headers[CorsConstants.AccessControlMaxAge]
+ = result.PreflightMaxAge.Value.TotalSeconds.ToString(CultureInfo.InvariantCulture);
}
}
diff --git a/src/Microsoft.AspNet.Cors.Core/project.json b/src/Microsoft.AspNet.Cors.Core/project.json
index dbbc14ee5d..48b267a114 100644
--- a/src/Microsoft.AspNet.Cors.Core/project.json
+++ b/src/Microsoft.AspNet.Cors.Core/project.json
@@ -5,11 +5,11 @@
"url": "https://github.com/aspnet/cors"
},
"dependencies": {
+ "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
"Microsoft.Framework.Configuration.Abstractions": "1.0.0-*",
"Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-*",
- "Microsoft.Framework.OptionsModel": "1.0.0-*",
- "Microsoft.AspNet.Http": "1.0.0-*",
- "Microsoft.Framework.NotNullAttribute.Sources": { "version": "1.0.0-*", "type": "build" }
+ "Microsoft.Framework.NotNullAttribute.Sources": { "version": "1.0.0-*", "type": "build" },
+ "Microsoft.Framework.OptionsModel": "1.0.0-*"
},
"frameworks" : {
diff --git a/src/Microsoft.AspNet.Cors/CorsMiddleware.cs b/src/Microsoft.AspNet.Cors/CorsMiddleware.cs
index f817384f36..a0ef8c2ff1 100644
--- a/src/Microsoft.AspNet.Cors/CorsMiddleware.cs
+++ b/src/Microsoft.AspNet.Cors/CorsMiddleware.cs
@@ -6,9 +6,8 @@ using System.Threading.Tasks;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Cors.Core;
using Microsoft.AspNet.Http;
-using Microsoft.AspNet.WebUtilities;
using Microsoft.Framework.Internal;
-using Microsoft.Framework.OptionsModel;
+using Microsoft.Framework.Primitives;
namespace Microsoft.AspNet.Cors
{
@@ -70,12 +69,12 @@ namespace Microsoft.AspNet.Cors
_corsService.ApplyResult(corsResult, context.Response);
var accessControlRequestMethod =
- context.Request.Headers.Get(CorsConstants.AccessControlRequestMethod);
+ context.Request.Headers[CorsConstants.AccessControlRequestMethod];
if (string.Equals(
context.Request.Method,
CorsConstants.PreflightHttpMethod,
StringComparison.Ordinal) &&
- accessControlRequestMethod != null)
+ !StringValues.IsNullOrEmpty(accessControlRequestMethod))
{
// Since there is a policy which was identified,
// always respond to preflight requests.
diff --git a/src/Microsoft.AspNet.Cors/project.json b/src/Microsoft.AspNet.Cors/project.json
index 035a2dfb88..9d0567f960 100644
--- a/src/Microsoft.AspNet.Cors/project.json
+++ b/src/Microsoft.AspNet.Cors/project.json
@@ -6,8 +6,6 @@
},
"dependencies": {
"Microsoft.AspNet.Cors.Core": "1.0.0-*",
- "Microsoft.AspNet.Http.Extensions": "1.0.0-*",
- "Microsoft.AspNet.WebUtilities": "1.0.0-*",
"Microsoft.Framework.NotNullAttribute.Sources": { "version": "1.0.0-*", "type": "build" }
},
diff --git a/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs b/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
index 3ffb6af9ac..cd2400db0b 100644
--- a/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
+++ b/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
@@ -2,6 +2,7 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
+using System.Linq;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Http.Internal;
using Microsoft.Framework.OptionsModel;
@@ -645,7 +646,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
Assert.Contains("Access-Control-Allow-Methods", httpContext.Response.Headers.Keys);
var value = Assert.Single(httpContext.Response.Headers.Values);
Assert.Equal(new[] { "PUT,DELETE" }, value);
- var methods = httpContext.Response.Headers["Access-Control-Allow-Methods"].Split(',');
+ string[] methods = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Allow-Methods");
Assert.Equal(2, methods.Length);
Assert.Contains("PUT", methods);
Assert.Contains("DELETE", methods);
@@ -725,7 +726,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
var value = Assert.Single(httpContext.Response.Headers.Values);
Assert.Equal(new[] { "foo,bar,baz" }, value);
- string[] headerValues = httpContext.Response.Headers["Access-Control-Allow-Headers"].Split(',');
+ string[] headerValues = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Allow-Headers");
Assert.Equal(3, headerValues.Length);
Assert.Contains("foo", headerValues);
Assert.Contains("bar", headerValues);
@@ -750,7 +751,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
// Assert
Assert.Contains("Access-Control-Allow-Headers", httpContext.Response.Headers.Keys);
- string[] headerValues = httpContext.Response.Headers["Access-Control-Allow-Headers"].Split(',');
+ string[] headerValues = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Allow-Headers");
Assert.Equal(2, headerValues.Length);
Assert.Contains("foo", headerValues);
Assert.Contains("bar", headerValues);
@@ -830,7 +831,7 @@ namespace Microsoft.AspNet.Cors.Core.Test
Assert.Contains("Access-Control-Expose-Headers", httpContext.Response.Headers.Keys);
var value = Assert.Single(httpContext.Response.Headers.Values);
Assert.Equal(new[] { "foo,bar,baz" }, value);
- string[] exposedHeaderValues = httpContext.Response.Headers["Access-Control-Expose-Headers"].Split(',');
+ string[] exposedHeaderValues = httpContext.Response.Headers.GetCommaSeparatedValues("Access-Control-Expose-Headers");
Assert.Equal(3, exposedHeaderValues.Length);
Assert.Contains("foo", exposedHeaderValues);
Assert.Contains("bar", exposedHeaderValues);