// Copyright (c) .NET Foundation. All rights reserved.// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.using System;using System.Threading.Tasks;using Microsoft.AspNetCore.Cors.Infrastructure;using Microsoft.AspNetCore.Http;using Microsoft.AspNetCore.Mvc.Cors.Internal;using Microsoft.Extensions.Logging;using Microsoft.Extensions.Logging.Abstractions;using Microsoft.Extensions.Primitives;namespace Microsoft.AspNetCore.Mvc.Cors{ /// <summary> /// A filter that applies the given <see cref="CorsPolicy"/> and adds appropriate response headers. /// </summary> public class CorsAuthorizationFilter : ICorsAuthorizationFilter { private readonly ICorsService _corsService; private readonly ICorsPolicyProvider _corsPolicyProvider; private readonly ILogger _logger; /// <summary> /// Creates a new instance of <see cref="CorsAuthorizationFilter"/>. /// </summary> /// <param name="corsService">The <see cref="ICorsService"/>.</param> /// <param name="policyProvider">The <see cref="ICorsPolicyProvider"/>.</param> public CorsAuthorizationFilter(ICorsService corsService, ICorsPolicyProvider policyProvider) : this(corsService, policyProvider, NullLoggerFactory.Instance) { } /// <summary> /// Creates a new instance of <see cref="CorsAuthorizationFilter"/>. /// </summary> /// <param name="corsService">The <see cref="ICorsService"/>.</param> /// <param name="policyProvider">The <see cref="ICorsPolicyProvider"/>.</param> /// <param name="loggerFactory">The <see cref="ILoggerFactory"/>.</param> public CorsAuthorizationFilter( ICorsService corsService, ICorsPolicyProvider policyProvider, ILoggerFactory loggerFactory) { if (corsService == null) { throw new ArgumentNullException(nameof(corsService)); } if (policyProvider == null) { throw new ArgumentNullException(nameof(policyProvider)); } if (loggerFactory == null) { throw new ArgumentNullException(nameof(loggerFactory)); } _corsService = corsService; _corsPolicyProvider = policyProvider; _logger = loggerFactory.CreateLogger(GetType()); } /// <summary> /// The policy name used to fetch a <see cref="CorsPolicy"/>. /// </summary> public string PolicyName { get; set; } /// <inheritdoc /> // Since clients' preflight requests would not have data to authenticate requests, this // filter must run before any other authorization filters. public int Order => int.MinValue 100; /// <inheritdoc /> public async Task OnAuthorizationAsync(Filters.AuthorizationFilterContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } // If this filter is not closest to the action, it is not applicable. if (!context.IsEffectivePolicy<ICorsAuthorizationFilter>(this)) { _logger.NotMostEffectiveFilter(typeof(ICorsAuthorizationFilter)); return; } var httpContext = context.HttpContext; var request = httpContext.Request; if (request.Headers.ContainsKey(CorsConstants.Origin)) { var policy = await _corsPolicyProvider.GetPolicyAsync(httpContext, PolicyName); if (policy == null) { throw new InvalidOperationException( Resources.FormatCorsAuthorizationFilter_MissingCorsPolicy(PolicyName)); } var result = _corsService.EvaluatePolicy(context.HttpContext, policy); _corsService.ApplyResult(result, context.HttpContext.Response); var accessControlRequestMethod = httpContext.Request.Headers[CorsConstants.AccessControlRequestMethod]; if (string.Equals( request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) && !StringValues.IsNullOrEmpty(accessControlRequestMethod)) { // If this was a preflight, there is no need to run anything else. // Also the response is always 200 so that anyone after mvc can handle the pre flight request. context.Result = new StatusCodeResult(StatusCodes.Status200OK); } // Continue with other filters and action. } } }}
下载asp.net core mvc的 框架源码(深入学习非常有用)用户还喜欢
- 18480 文章数
- 500万+ 热度
作者专栏
编辑推荐
- 淡抹u2引擎,修复内容较多,物有所值
- 界域传说·经典巨作=传世单机(一键安装)
- 丸子版本(175个传世版本大集合)
- GS版本:神话公益服务端+客户端
- 图片放大工具(放大图片不模糊)
- 剪映无限制VIP版
- 传奇世界客户端下载器,史上最全传世客户端
- 传世GS20220920商业引擎注册+登录配置器 解压密码是1
- U2官方排行榜游戏网关 支持元神,支持传家宝
- GS开战传世客户端+服务端
- (淡漠夕阳)u2引擎合区工具
- 传世GS引擎消除“你的游戏客户端版本号过旧,请及时更新”提示
- 传世一机多区双线路配置器--免密码版本
- 传世凤凰登陆器劫持修复软件
- SQLite3 for Navicat
- 传奇世界npc对话框编辑工具
- 传世GS落霞铭文服务器端
- gs_20210409引擎包+注册机(无限制)
- 传奇世界NPC对话封包查看器[支持时长版和极速版]
- 彩虹引擎传世脚本编辑工具1.7版来了,支持函数脚本翻译
评论