Skip to content
This repository has been archived by the owner on Nov 22, 2018. It is now read-only.

Commit

Permalink
PreflightRequest check requset headers ignore case and ignore simple …
Browse files Browse the repository at this point in the history 
…request headers

Signed-off-by: Norgerman <xyn0410@gmail.com>
  • Loading branch information
@Norgerman @kichalla
Norgerman authored and kichalla committed Sep 9, 2015
1 parent 2c14ac3 commit 38728a6
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
3 changes: 2 additions & 1 deletion src/Microsoft.AspNet.Cors.Core/CorsService.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,8 @@ public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy pol

if (!policy.AllowAnyHeader &&
requestHeaders != null &&
!requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
!requestHeaders.All(header => CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase) ||
policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
{
return;
}
Expand Down
6 changes: 3 additions & 3 deletions test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -397,7 +397,7 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_Re
method: "OPTIONS",
origin: "http://example.com",
accessControlRequestMethod: "PUT",
accessControlRequestHeaders: new[] { "Content-Type" });
accessControlRequestHeaders: new[] { "content-type", "accept" });
var policy = new CorsPolicy();
policy.Origins.Add(CorsConstants.AnyOrigin);
policy.Methods.Add("*");
Expand All @@ -409,8 +409,8 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_Re
var result = corsService.EvaluatePolicy(requestContext, policy);

// Assert
Assert.Equal(1, result.AllowedHeaders.Count);
Assert.Contains("Content-Type", result.AllowedHeaders);
Assert.Equal(2, result.AllowedHeaders.Count);
Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
}

[Fact]
Expand Down

0 comments on commit 38728a6

Please sign in to comment.