Skip to content

Instantly share code, notes, and snippets.

@mmorton

mmorton/CrossOriginSupportModule.cs

Created November 19, 2012 21:00
Show Gist options
  • Save mmorton/4113849 to your computer and use it in GitHub Desktop.
Save mmorton/4113849 to your computer and use it in GitHub Desktop.
Download ZIP
An IHttpModule for Enabling CORS
Raw
CrossOriginSupportModule.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace Sample
{
public class CrossOriginRequestInfo
{
public string Origin { get; set; }
public string Method { get; set; }
public string Headers { get; set; }
}
public class CrossOriginSupportModule : IHttpModule
{
public const string ContextKey = "__crossOriginRequestInfo";
public const string Options = "OPTIONS";
public const string Origin = "Origin";
public const string AccessControlRequestMethod = "Access-Control-Request-Method";
public const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
public const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
public const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
public const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
public const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials";
public const string AccessControlMaxAage = "Access-Control-Max-Age";
public void Init(HttpApplication context)
{
context.BeginRequest += ContextOnBeginRequest;
context.PreSendRequestHeaders += ContextOnPreSendRequestHeaders;
}
private void ContextOnPreSendRequestHeaders(object sender, EventArgs eventArgs)
{
var application = (HttpApplication)sender;
var context = application.Context;
var response = context.Response;
var info = context.Items[ContextKey] as CrossOriginRequestInfo;
if (info != null)
{
response.Headers[AccessControlAllowOrigin] = info.Origin;
}
}
private void ContextOnBeginRequest(object sender, EventArgs eventArgs)
{
var application = (HttpApplication) sender;
var context = application.Context;
var request = context.Request;
if (!String.IsNullOrEmpty(request.Headers[Origin]))
{
context.Items[ContextKey] = new CrossOriginRequestInfo
{
Origin = request.Headers[Origin],
Method = request.Headers[AccessControlRequestMethod],
Headers = request.Headers[AccessControlRequestHeaders]
};
if (request.HttpMethod == Options) context.RewritePath("~/corsPreFlight");
}
}
public void Dispose()
{
}
}
public class CrossOriginSupportOptionsHandler : IHttpHandler
{
public bool IsReusable
{
get { return true; }
}
public void ProcessRequest(HttpContext context)
{
var response = context.Response;
response.StatusCode = 200;
response.ContentType = "text/plain";
var info = context.Items[CrossOriginSupportModule.ContextKey] as CrossOriginRequestInfo;
if (info != null)
{
response.Headers[CrossOriginSupportModule.AccessControlAllowOrigin] = info.Origin;
response.Headers[CrossOriginSupportModule.AccessControlAllowMethods] = info.Method;
response.Headers[CrossOriginSupportModule.AccessControlAllowHeaders] = info.Headers;
response.Headers[CrossOriginSupportModule.AccessControlMaxAage] = 1728000.ToString();
}
response.End();
}
}
}
Raw
Web.config
<httpModules>
<add name="CrossOriginSupportModule" type="Sample.CrossOriginSupportModule, Sample" />
</httpModules>
<httpHandlers>
<add verb="*" path="/corsPreFlight" type="Sample.CrossOriginSupportOptionsHandler, Sample" />
</httpHandlers>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment