-
-
Save morbidcamel101/f51d80290539e3df60f0 to your computer and use it in GitHub Desktop.
An IHttpModule for Enabling CORS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Web; | |
namespace Sample | |
{ | |
public class CrossOriginRequestInfo | |
{ | |
public string Origin { get; set; } | |
public string Method { get; set; } | |
public string Headers { get; set; } | |
} | |
public class CrossOriginSupportModule : IHttpModule | |
{ | |
public const string ContextKey = "__crossOriginRequestInfo"; | |
public const string Options = "OPTIONS"; | |
public const string Origin = "Origin"; | |
public const string AccessControlRequestMethod = "Access-Control-Request-Method"; | |
public const string AccessControlRequestHeaders = "Access-Control-Request-Headers"; | |
public const string AccessControlAllowOrigin = "Access-Control-Allow-Origin"; | |
public const string AccessControlAllowMethods = "Access-Control-Allow-Methods"; | |
public const string AccessControlAllowHeaders = "Access-Control-Allow-Headers"; | |
public const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials"; | |
public const string AccessControlMaxAage = "Access-Control-Max-Age"; | |
public void Init(HttpApplication context) | |
{ | |
context.BeginRequest += ContextOnBeginRequest; | |
context.PreSendRequestHeaders += ContextOnPreSendRequestHeaders; | |
} | |
private void ContextOnPreSendRequestHeaders(object sender, EventArgs eventArgs) | |
{ | |
var application = (HttpApplication)sender; | |
var context = application.Context; | |
var response = context.Response; | |
var info = context.Items[ContextKey] as CrossOriginRequestInfo; | |
if (info != null) | |
{ | |
response.Headers[AccessControlAllowOrigin] = info.Origin; | |
} | |
} | |
private void ContextOnBeginRequest(object sender, EventArgs eventArgs) | |
{ | |
var application = (HttpApplication) sender; | |
var context = application.Context; | |
var request = context.Request; | |
if (!String.IsNullOrEmpty(request.Headers[Origin])) | |
{ | |
context.Items[ContextKey] = new CrossOriginRequestInfo | |
{ | |
Origin = request.Headers[Origin], | |
Method = request.Headers[AccessControlRequestMethod], | |
Headers = request.Headers[AccessControlRequestHeaders] | |
}; | |
if (request.HttpMethod == Options) context.RewritePath("~/corsPreFlight"); | |
} | |
} | |
public void Dispose() | |
{ | |
} | |
} | |
public class CrossOriginSupportOptionsHandler : IHttpHandler | |
{ | |
public bool IsReusable | |
{ | |
get { return true; } | |
} | |
public void ProcessRequest(HttpContext context) | |
{ | |
var response = context.Response; | |
response.StatusCode = 200; | |
response.ContentType = "text/plain"; | |
var info = context.Items[CrossOriginSupportModule.ContextKey] as CrossOriginRequestInfo; | |
if (info != null) | |
{ | |
response.Headers[CrossOriginSupportModule.AccessControlAllowOrigin] = info.Origin; | |
response.Headers[CrossOriginSupportModule.AccessControlAllowMethods] = info.Method; | |
response.Headers[CrossOriginSupportModule.AccessControlAllowHeaders] = info.Headers; | |
response.Headers[CrossOriginSupportModule.AccessControlMaxAage] = 1728000.ToString(); | |
} | |
response.End(); | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<httpModules> | |
<add name="CrossOriginSupportModule" type="Sample.CrossOriginSupportModule, Sample" /> | |
</httpModules> | |
<httpHandlers> | |
<add verb="*" path="/corsPreFlight" type="Sample.CrossOriginSupportOptionsHandler, Sample" /> | |
</httpHandlers> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment