From 38728a6bcd11bfe2c5f9c1b17fde1892bf499553 Mon Sep 17 00:00:00 2001
From: Norgerman
Date: Tue, 25 Aug 2015 13:53:34 +0800
Subject: [PATCH] PreflightRequest check requset headers ignore case and ignore simple request headers
Signed-off-by: Norgerman
---
 src/Microsoft.AspNet.Cors.Core/CorsService.cs | 3 ++-
 test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/Microsoft.AspNet.Cors.Core/CorsService.cs b/src/Microsoft.AspNet.Cors.Core/CorsService.cs
index bcc09e6..f9a2d6e 100644
--- a/src/Microsoft.AspNet.Cors.Core/CorsService.cs
+++ b/src/Microsoft.AspNet.Cors.Core/CorsService.cs
@@ -97,7 +97,8 @@ public virtual void EvaluatePreflightRequest(HttpContext context, CorsPolicy pol
 if (!policy.AllowAnyHeader &&
 requestHeaders != null &&
- !requestHeaders.All(header => policy.Headers.Contains(header, StringComparer.Ordinal)))
+ !requestHeaders.All(header => CorsConstants.SimpleRequestHeaders.Contains(header, StringComparer.OrdinalIgnoreCase) ||
+ policy.Headers.Contains(header, StringComparer.OrdinalIgnoreCase)))
 {
 return;
 }
diff --git a/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs b/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
index cd2400d..e32e322 100644
--- a/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
+++ b/test/Microsoft.AspNet.Cors.Core.Test/CorsServiceTests.cs
@@ -397,7 +397,7 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_Re
 method: "OPTIONS",
 origin: "http://example.com",
 accessControlRequestMethod: "PUT",
- accessControlRequestHeaders: new[] { "Content-Type" });
+ accessControlRequestHeaders: new[] { "content-type", "accept" });
 var policy = new CorsPolicy();
 policy.Origins.Add(CorsConstants.AnyOrigin);
 policy.Methods.Add("*");
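Review bot: In the CorsService.cs hunk, the new `CorsConstants.SimpleRequestHeaders.Contains(...)` clause lets a preflight pass for header names the policy never listed, so the contents of that constant now decide how far every non-`AllowAnyHeader` policy is widened, and its definition is not visible in this diff. If the list includes `Content-Type`, note that browsers treat that header as simple only for the form and plain-text media types, and a preflight naming `content-type` is normally sent for other values such as JSON; please confirm that case is meant to bypass `policy.Headers`. A short comment above the condition would record the intent, for example `// Header names are case-insensitive; simple request headers are always allowed.` The enclosing method starts and ends outside the hunk.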
@@ -409,8 +409,8 @@ public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_Re
 var result = corsService.EvaluatePolicy(requestContext, policy);
 // Assert
- Assert.Equal(1, result.AllowedHeaders.Count);
- Assert.Contains("Content-Type", result.AllowedHeaders);
+ Assert.Equal(2, result.AllowedHeaders.Count);
+ Assert.Contains("Content-Type", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
 }
 [Fact]
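Review bot: The updated assertions check that two headers come back but name only `Content-Type`, so the test would still pass if the second entry were something other than the requested `accept`; adding `Assert.Contains("accept", result.AllowedHeaders, StringComparer.OrdinalIgnoreCase);` would pin the simple-header allowance this commit introduces. Nothing in this diff exercises the deny path after the loosened comparison: a requested header that is neither simple nor in `policy.Headers` should still fail the preflight, so a companion test for that case is worth adding if one does not already exist elsewhere in the file. The test method starts above the hunk, so how the policy's headers are set up is not visible here.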