188 references to CorsConstants
Microsoft.AspNetCore.Cors (14)
Infrastructure\CorsMiddleware.cs (2)
107if (!context.Request.Headers.ContainsKey(CorsConstants.Origin)) 120var isCorsPreflightRequest = isOptionsRequest && context.Request.Headers.ContainsKey(CorsConstants.AccessControlRequestMethod);
Infrastructure\CorsPolicy.cs (3)
33if (Headers == null || Headers.Count != 1 || Headers[0] != CorsConstants.AnyHeader) 49if (Methods == null || Methods.Count != 1 || Methods[0] != CorsConstants.AnyMethod) 65if (Origins == null || Origins.Count != 1 || Origins[0] != CorsConstants.AnyOrigin)
Infrastructure\CorsPolicyBuilder.cs (3)
163_policy.Origins.Add(CorsConstants.AnyOrigin); 174_policy.Methods.Add(CorsConstants.AnyMethod); 185_policy.Headers.Add(CorsConstants.AnyHeader);
Infrastructure\CorsService.cs (6)
72var isPreflightRequest = isOptionsRequest && requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod); 102result.AllowedOrigin = CorsConstants.AnyOrigin; 124headers.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders) : 180headers.SetCommaSeparatedValues(CorsConstants.AccessControlAllowHeaders, result.AllowedHeaders.ToArray()); 185headers.SetCommaSeparatedValues(CorsConstants.AccessControlAllowMethods, result.AllowedMethods.ToArray()); 199headers.SetCommaSeparatedValues(CorsConstants.AccessControlExposeHeaders, result.AllowedExposedHeaders.ToArray());
Microsoft.AspNetCore.Cors.Test (90)
CorsMiddlewareTests.cs (56)
52.AddHeader(CorsConstants.Origin, OriginUrl) 59Assert.Equal(OriginUrl, response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault()); 94.AddHeader(CorsConstants.Origin, OriginUrl) 101Assert.Equal(OriginUrl, response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault()); 102Assert.Equal("AllowedHeader", response.Headers.GetValues(CorsConstants.AccessControlExposeHeaders).FirstOrDefault()); 145.AddHeader(CorsConstants.Origin, OriginUrl) 151Assert.Equal(OriginUrl, response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault()); 194.AddHeader(CorsConstants.Origin, OriginUrl) 195.AddHeader(CorsConstants.AccessControlRequestMethod, "PUT") 196.SendAsync(CorsConstants.PreflightHttpMethod); 204Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key); 209Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key); 214Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 259.AddHeader(CorsConstants.Origin, OriginUrl) 260.AddHeader(CorsConstants.AccessControlRequestMethod, "PUT") 261.AddHeader(CorsConstants.AccessControlRequestHeaders, "X-Test1,X-Test2") 262.SendAsync(CorsConstants.PreflightHttpMethod); 270Assert.Equal(CorsConstants.AccessControlAllowCredentials, kvp.Key); 275Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key); 280Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key); 285Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 322.AddHeader(CorsConstants.Origin, "http://test.example.com") 323.AddHeader(CorsConstants.AccessControlRequestMethod, "PUT") 324.SendAsync(CorsConstants.PreflightHttpMethod); 365.AddHeader(CorsConstants.Origin, "http://test.example.com") 392httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 421httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 481.AddHeader(CorsConstants.Origin, OriginUrl) 482.AddHeader(CorsConstants.AccessControlRequestMethod, "PUT") 483.SendAsync(CorsConstants.PreflightHttpMethod); 491Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key); 496Assert.Equal(CorsConstants.AccessControlAllowMethods, kvp.Key); 501Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 539.AddHeader(CorsConstants.Origin, OriginUrl) 548Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 553Assert.Equal(CorsConstants.AccessControlExposeHeaders, kvp.Key); 615.AddHeader(CorsConstants.Origin, OriginUrl) 626Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 631Assert.Equal(CorsConstants.AccessControlExposeHeaders, kvp.Key); 659httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { OriginUrl }); 660httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "PUT" }); 671Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key); 676Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key); 700httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 730httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 758httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 759httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" }); 790httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 791httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" }); 822httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 857httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 894httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 927httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 957httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 984httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" }); 1032httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
CorsServiceTests.cs (34)
109policy.Origins.Add(CorsConstants.AnyOrigin); 125policy.Origins.Add(CorsConstants.AnyOrigin); 144policy.Origins.Add(CorsConstants.AnyOrigin); 179policy.Origins.Add(CorsConstants.AnyOrigin); 248policy.Origins.Add(CorsConstants.AnyOrigin); 264policy.Origins.Add(CorsConstants.AnyOrigin); 281policy.Origins.Add(CorsConstants.AnyOrigin); 300policy.Origins.Add(CorsConstants.AnyOrigin); 317policy.Origins.Add(CorsConstants.AnyOrigin); 340policy.Origins.Add(CorsConstants.AnyOrigin); 342policy.Methods.Add(CorsConstants.AnyMethod); 364policy.Methods.Add(CorsConstants.AnyMethod); 384policy.Methods.Add(CorsConstants.AnyMethod); 403policy.Origins.Add(CorsConstants.AnyOrigin); 404policy.Methods.Add(CorsConstants.AnyMethod); 423policy.Origins.Add(CorsConstants.AnyOrigin); 424policy.Methods.Add(CorsConstants.AnyMethod); 440policy.Origins.Add(CorsConstants.AnyOrigin); 441policy.Methods.Add(CorsConstants.AnyMethod); 462policy.Origins.Add(CorsConstants.AnyOrigin); 480policy.Origins.Add(CorsConstants.AnyOrigin); 481policy.Methods.Add(CorsConstants.AnyMethod); 482policy.Headers.Add(CorsConstants.AnyHeader); 503policy.Origins.Add(CorsConstants.AnyOrigin); 504policy.Methods.Add(CorsConstants.AnyMethod); 505policy.Headers.Add(CorsConstants.AnyHeader); 526policy.Origins.Add(CorsConstants.AnyOrigin); 527policy.Methods.Add(CorsConstants.AnyMethod); 547policy.Methods.Add(CorsConstants.AnyMethod); 548policy.Headers.Add(CorsConstants.AnyHeader); 838Assert.Equal("foo,bar", httpContext.Response.Headers[CorsConstants.AccessControlExposeHeaders]); 958context.Request.Headers.Add(CorsConstants.Origin, new[] { origin }); 963context.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { accessControlRequestMethod }); 968context.Request.Headers.Add(CorsConstants.AccessControlRequestHeaders, accessControlRequestHeaders);
Microsoft.AspNetCore.Mvc.Cors (4)
CorsAuthorizationFilter.cs (2)
76if (request.Headers.ContainsKey(CorsConstants.Origin)) 90httpContext.Request.Headers[CorsConstants.AccessControlRequestMethod];
DisableCorsAuthorizationFilter.cs (2)
27context.HttpContext.Request.Headers[CorsConstants.AccessControlRequestMethod]; 30CorsConstants.PreflightHttpMethod,
Microsoft.AspNetCore.Mvc.Cors.Test (24)
CorsAuthorizationFilterTest.cs (19)
42Assert.Equal("http://example.com", response.Headers[CorsConstants.AccessControlAllowOrigin]); 43Assert.Equal("header1,header2", response.Headers[CorsConstants.AccessControlAllowHeaders]); 46Assert.Equal("PUT", response.Headers[CorsConstants.AccessControlAllowMethods]); 47Assert.Equal("exposed1,exposed2", response.Headers[CorsConstants.AccessControlExposeHeaders]); 48Assert.Equal("123", response.Headers[CorsConstants.AccessControlMaxAge]); 49Assert.Equal("true", response.Headers[CorsConstants.AccessControlAllowCredentials]); 92Assert.Equal("http://example.com", response.Headers[CorsConstants.AccessControlAllowOrigin]); 93Assert.Equal("exposed1,exposed2", response.Headers[CorsConstants.AccessControlExposeHeaders]); 138httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestHeaders, headers.Headers.Split(',')); 139httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { headers.Method }); 140httpContext.Request.Headers.Add(CorsConstants.AccessControlExposeHeaders, headers.ExposedHeaders.Split(',')); 141httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { headers.Origin }); 148var method = isPreflight ? CorsConstants.PreflightHttpMethod : "GET"; 196headers[CorsConstants.AccessControlMaxAge] = 198headers[CorsConstants.AccessControlAllowOrigin] = result1.AllowedOrigin; 201headers.Add(CorsConstants.AccessControlAllowCredentials, new[] { "true" }); 204headers.Add(CorsConstants.AccessControlAllowHeaders, result1.AllowedHeaders.ToArray()); 205headers.Add(CorsConstants.AccessControlAllowMethods, result1.AllowedMethods.ToArray()); 206headers.Add(CorsConstants.AccessControlExposeHeaders, result1.AllowedExposedHeaders.ToArray());
DisableCorsAuthorizationFilterTest.cs (5)
21httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/"); 22httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT"); 41httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/"); 62httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/"); 63httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT");
Microsoft.AspNetCore.Mvc.FunctionalTests (56)
CorsTests.cs (2)
17request.Headers.Add(CorsConstants.Origin, "http://example.com"); 18request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
CorsTestsBase.cs (54)
45request.Headers.Add(CorsConstants.Origin, origin); 56Assert.Equal(CorsConstants.AccessControlAllowOrigin, header.Key); 81request.Headers.Add(CorsConstants.Origin, "http://example.com"); 82request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST"); 99request.Headers.Add(CorsConstants.Origin, "http://example.com"); 100request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST"); 118new HttpMethod(CorsConstants.PreflightHttpMethod), 122request.Headers.Add(CorsConstants.Origin, "http://example.com"); 123request.Headers.Add(CorsConstants.AccessControlRequestMethod, method); 124request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom"); 136Assert.Equal(CorsConstants.AccessControlAllowMethods, h.Key); 141Assert.Equal(CorsConstants.AccessControlAllowOrigin, h.Key); 159request.Headers.Add(CorsConstants.Origin, "http://example.com"); 160request.Headers.Add(CorsConstants.AccessControlExposeHeaders, "exposed1,exposed2"); 170responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); 173responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray()); 176responseHeaders.GetValues(CorsConstants.AccessControlExposeHeaders).ToArray()); 187new HttpMethod(CorsConstants.PreflightHttpMethod), 191request.Headers.Add(CorsConstants.Origin, "http://example.com"); 192request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT"); 193request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "header1,header2"); 203responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); 206responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray()); 209responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray()); 212responseHeaders.GetValues(CorsConstants.AccessControlAllowMethods).ToArray()); 225request.Headers.Add(CorsConstants.Origin, "http://example2.com"); 250request.Headers.Add(CorsConstants.Origin, "http://example.com"); 272new HttpMethod(CorsConstants.PreflightHttpMethod), 276request.Headers.Add(CorsConstants.Origin, "http://example.com"); 277request.Headers.Add(CorsConstants.AccessControlRequestMethod, method); 278request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom"); 298var request = new HttpRequestMessage(new HttpMethod(CorsConstants.PreflightHttpMethod), url); 301request.Headers.Add(CorsConstants.Origin, "http://example.com"); 302request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); 303request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom"); 313responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); 316responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray()); 319responseHeaders.GetValues(CorsConstants.AccessControlAllowMethods).ToArray()); 330var request = new HttpRequestMessage(new HttpMethod(CorsConstants.PreflightHttpMethod), url); 333request.Headers.Add(CorsConstants.Origin, "http://example.com"); 334request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); 335request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom"); 345responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray()); 348responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray()); 351responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray()); 354responseHeaders.GetValues(CorsConstants.AccessControlAllowMethods).ToArray()); 368new HttpMethod(CorsConstants.PreflightHttpMethod), 372request.Headers.Add(CorsConstants.Origin, "http://example.com"); 373request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); 374request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom"); 393new HttpMethod(CorsConstants.PreflightHttpMethod), 395request.Headers.Add(CorsConstants.Origin, "http://notexpecteddomain.com"); 396request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET"); 397request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom");