
Commit 8fcadf7

benaadamshalter73
authored andcommitted
Allow headers to match on ReferenceEquals before OrdinalIgnoreCase (#9341)
1 parent 52b3b19 commit 8fcadf7

35 files changed

+8667
-5011
lines changed

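--- a/src/Antiforgery/src/Internal/DefaultAntiforgery.cs
+++ b/src/Antiforgery/src/Internal/DefaultAntiforgery.cs
@@ -263,12 +263,12 @@ private void SaveCookieTokenAndHeader(HttpContext httpContext, string cookieToke
 _tokenStore.SaveCookieToken(httpContext, cookieToken);
 }
 
-if (!_options.SuppressXFrameOptionsHeader && !httpContext.Response.Headers.ContainsKey("X-Frame-Options"))
+if (!_options.SuppressXFrameOptionsHeader && !httpContext.Response.Headers.ContainsKey(HeaderNames.XFrameOptions))
 {
 // Adding X-Frame-Options header to prevent ClickJacking. See
 // http://tools.ietf.org/html/draft-ietf-websec-x-frame-options-10
 // for more information.
-httpContext.Response.Headers["X-Frame-Options"] = "SAMEORIGIN";
+httpContext.Response.Headers[HeaderNames.XFrameOptions] = "SAMEORIGIN";
 }
 }
 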
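Review bot: The `ContainsKey(HeaderNames.XFrameOptions)` guard skips the SAMEORIGIN default whenever any value is already present, so a weaker or malformed value set earlier in the pipeline silently wins; the comment beside it should say so. The comment also cites an expired draft over http; the published form is RFC 7034, and CSP `frame-ancestors` is the current mechanism. Suggested wording: `// Default to SAMEORIGIN to mitigate clickjacking (RFC 7034); a value already set by the app is left as-is, even if it is weaker.` SaveCookieTokenAndHeader begins above the hunk.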

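--- a/src/Hosting/Hosting/src/GenericHost/GenericWebHostedService.cs
+++ b/src/Hosting/Hosting/src/GenericHost/GenericWebHostedService.cs
@@ -20,6 +20,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.StackTrace.Sources;
+using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Hosting.Internal
 {
@@ -184,7 +185,7 @@ private RequestDelegate BuildErrorPageApplication(Exception exception)
 return context =>
 {
 context.Response.StatusCode = 500;
-context.Response.Headers["Cache-Control"] = "no-cache";
+context.Response.Headers[HeaderNames.CacheControl] = "no-cache";
 return errorPage.ExecuteAsync(context);
 };
 }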
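Review bot: `no-cache` on the 500 startup error page still lets a browser or intermediary store the response, and this page is built from the startup exception, so it may carry stack traces or configuration detail (what it actually renders is decided outside the hunk). Prefer forbidding storage outright: `context.Response.Headers[HeaderNames.CacheControl] = "no-cache,no-store";`. The same line appears in BuildApplication in src/Hosting/Hosting/src/Internal/WebHost.cs and should change with it. BuildErrorPageApplication starts above the hunk.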

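--- a/src/Hosting/Hosting/src/Internal/HostingApplicationDiagnostics.cs
+++ b/src/Hosting/Hosting/src/Internal/HostingApplicationDiagnostics.cs
@@ -22,11 +22,6 @@ internal class HostingApplicationDiagnostics
 private const string DeprecatedDiagnosticsEndRequestKey = "Microsoft.AspNetCore.Hosting.EndRequest";
 private const string DiagnosticsUnhandledExceptionKey = "Microsoft.AspNetCore.Hosting.UnhandledException";
 
-private const string RequestIdHeaderName = "Request-Id";
-private const string CorrelationContextHeaderName = "Correlation-Context";
-private const string TraceParentHeaderName = "traceparent";
-private const string TraceStateHeaderName = "tracestate";
-
 private readonly DiagnosticListener _diagnosticListener;
 private readonly ILogger _logger;
 
@@ -238,22 +233,22 @@ private Activity StartActivity(HttpContext httpContext)
 {
 var activity = new Activity(ActivityName);
 
-if (!httpContext.Request.Headers.TryGetValue(TraceParentHeaderName, out var requestId))
+if (!httpContext.Request.Headers.TryGetValue(HeaderNames.TraceParent, out var requestId))
 {
-httpContext.Request.Headers.TryGetValue(RequestIdHeaderName, out requestId);
+httpContext.Request.Headers.TryGetValue(HeaderNames.RequestId, out requestId);
 }
 
 if (!StringValues.IsNullOrEmpty(requestId))
 {
 activity.SetParentId(requestId);
-if (httpContext.Request.Headers.TryGetValue(TraceStateHeaderName, out var traceState))
+if (httpContext.Request.Headers.TryGetValue(HeaderNames.TraceState, out var traceState))
 {
 activity.TraceStateString = traceState;
 }
 
 // We expect baggage to be empty by default
 // Only very advanced users will be using it in near future, we encourage them to keep baggage small (few items)
-string[] baggage = httpContext.Request.Headers.GetCommaSeparatedValues(CorrelationContextHeaderName);
+string[] baggage = httpContext.Request.Headers.GetCommaSeparatedValues(HeaderNames.CorrelationContext);
 if (baggage.Length > 0)
 {
 foreach (var item in baggage)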
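Review bot: StartActivity takes `traceparent`, `Request-Id`, `tracestate` and `Correlation-Context` straight from the request and hands them to `activity.SetParentId(requestId)` and `activity.TraceStateString` with no length or format check in the lines shown, and nothing marks them as client-controlled. The baggage comment states an expectation ("empty by default") rather than a limit; whether the `foreach` caps item count or size is not visible because its body runs past the hunk. I would add a comment above the first lookup, `// Trace headers are supplied by the client: treat the parent id, trace state and baggage as untrusted wherever they are logged or propagated.`, and confirm that a size bound exists downstream.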

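--- a/src/Hosting/Hosting/src/Internal/WebHost.cs
+++ b/src/Hosting/Hosting/src/Internal/WebHost.cs
@@ -22,6 +22,7 @@
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.StackTrace.Sources;
+using Microsoft.Net.Http.Headers;
 
 namespace Microsoft.AspNetCore.Hosting.Internal
 {
@@ -276,7 +277,7 @@ private RequestDelegate BuildApplication()
 return context =>
 {
 context.Response.StatusCode = 500;
-context.Response.Headers["Cache-Control"] = "no-cache";
+context.Response.Headers[HeaderNames.CacheControl] = "no-cache";
 return errorPage.ExecuteAsync(context);
 };
 }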

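--- a/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp3.0.cs
+++ b/src/Http/Headers/ref/Microsoft.Net.Http.Headers.netcoreapp3.0.cs
@@ -118,74 +118,87 @@ public EntityTagHeaderValue(Microsoft.Extensions.Primitives.StringSegment tag, b
 }
 public static partial class HeaderNames
 {
-public const string Accept = "Accept";
-public const string AcceptCharset = "Accept-Charset";
-public const string AcceptEncoding = "Accept-Encoding";
-public const string AcceptLanguage = "Accept-Language";
-public const string AcceptRanges = "Accept-Ranges";
-public const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials";
-public const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
-public const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
-public const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
-public const string AccessControlExposeHeaders = "Access-Control-Expose-Headers";
-public const string AccessControlMaxAge = "Access-Control-Max-Age";
-public const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
-public const string AccessControlRequestMethod = "Access-Control-Request-Method";
-public const string Age = "Age";
-public const string Allow = "Allow";
-public const string Authority = ":authority";
-public const string Authorization = "Authorization";
-public const string CacheControl = "Cache-Control";
-public const string Connection = "Connection";
-public const string ContentDisposition = "Content-Disposition";
-public const string ContentEncoding = "Content-Encoding";
-public const string ContentLanguage = "Content-Language";
-public const string ContentLength = "Content-Length";
-public const string ContentLocation = "Content-Location";
-public const string ContentMD5 = "Content-MD5";
-public const string ContentRange = "Content-Range";
-public const string ContentSecurityPolicy = "Content-Security-Policy";
-public const string ContentSecurityPolicyReportOnly = "Content-Security-Policy-Report-Only";
-public const string ContentType = "Content-Type";
-public const string Cookie = "Cookie";
-public const string Date = "Date";
-public const string ETag = "ETag";
-public const string Expect = "Expect";
-public const string Expires = "Expires";
-public const string From = "From";
-public const string Host = "Host";
-public const string IfMatch = "If-Match";
-public const string IfModifiedSince = "If-Modified-Since";
-public const string IfNoneMatch = "If-None-Match";
-public const string IfRange = "If-Range";
-public const string IfUnmodifiedSince = "If-Unmodified-Since";
-public const string LastModified = "Last-Modified";
-public const string Location = "Location";
-public const string MaxForwards = "Max-Forwards";
-public const string Method = ":method";
-public const string Origin = "Origin";
-public const string Path = ":path";
-public const string Pragma = "Pragma";
-public const string ProxyAuthenticate = "Proxy-Authenticate";
-public const string ProxyAuthorization = "Proxy-Authorization";
-public const string Range = "Range";
-public const string Referer = "Referer";
-public const string RetryAfter = "Retry-After";
-public const string Scheme = ":scheme";
-public const string Server = "Server";
-public const string SetCookie = "Set-Cookie";
-public const string Status = ":status";
-public const string StrictTransportSecurity = "Strict-Transport-Security";
-public const string TE = "TE";
-public const string Trailer = "Trailer";
-public const string TransferEncoding = "Transfer-Encoding";
-public const string Upgrade = "Upgrade";
-public const string UserAgent = "User-Agent";
-public const string Vary = "Vary";
-public const string Via = "Via";
-public const string Warning = "Warning";
-public const string WebSocketSubProtocols = "Sec-WebSocket-Protocol";
-public const string WWWAuthenticate = "WWW-Authenticate";
+public static readonly string Accept;
+public static readonly string AcceptCharset;
+public static readonly string AcceptEncoding;
+public static readonly string AcceptLanguage;
+public static readonly string AcceptRanges;
+public static readonly string AccessControlAllowCredentials;
+public static readonly string AccessControlAllowHeaders;
+public static readonly string AccessControlAllowMethods;
+public static readonly string AccessControlAllowOrigin;
+public static readonly string AccessControlExposeHeaders;
+public static readonly string AccessControlMaxAge;
+public static readonly string AccessControlRequestHeaders;
+public static readonly string AccessControlRequestMethod;
+public static readonly string Age;
+public static readonly string Allow;
+public static readonly string Authority;
+public static readonly string Authorization;
+public static readonly string CacheControl;
+public static readonly string Connection;
+public static readonly string ContentDisposition;
+public static readonly string ContentEncoding;
+public static readonly string ContentLanguage;
+public static readonly string ContentLength;
+public static readonly string ContentLocation;
+public static readonly string ContentMD5;
+public static readonly string ContentRange;
+public static readonly string ContentSecurityPolicy;
+public static readonly string ContentSecurityPolicyReportOnly;
+public static readonly string ContentType;
+public static readonly string Cookie;
+public static readonly string CorrelationContext;
+public static readonly string Date;
+public static readonly string DNT;
+public static readonly string ETag;
+public static readonly string Expect;
+public static readonly string Expires;
+public static readonly string From;
+public static readonly string Host;
+public static readonly string IfMatch;
+public static readonly string IfModifiedSince;
+public static readonly string IfNoneMatch;
+public static readonly string IfRange;
+public static readonly string IfUnmodifiedSince;
+public static readonly string KeepAlive;
+public static readonly string LastModified;
+public static readonly string Location;
+public static readonly string MaxForwards;
+public static readonly string Method;
+public static readonly string Origin;
+public static readonly string Path;
+public static readonly string Pragma;
+public static readonly string ProxyAuthenticate;
+public static readonly string ProxyAuthorization;
+public static readonly string Range;
+public static readonly string Referer;
+public static readonly string RequestId;
+public static readonly string RetryAfter;
+public static readonly string Scheme;
+public static readonly string SecWebSocketAccept;
+public static readonly string SecWebSocketKey;
+public static readonly string SecWebSocketProtocol;
+public static readonly string SecWebSocketVersion;
+public static readonly string Server;
+public static readonly string SetCookie;
+public static readonly string Status;
+public static readonly string StrictTransportSecurity;
+public static readonly string TE;
+public static readonly string TraceParent;
+public static readonly string TraceState;
+public static readonly string Trailer;
+public static readonly string TransferEncoding;
+public static readonly string Translate;
+public static readonly string Upgrade;
+public static readonly string UpgradeInsecureRequests;
+public static readonly string UserAgent;
+public static readonly string Vary;
+public static readonly string Via;
+public static readonly string Warning;
+public static readonly string WebSocketSubProtocols;
+public static readonly string WWWAuthenticate;
+public static readonly string XFrameOptions;
 }
 public static partial class HeaderQuality
 {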
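Review bot: Turning every `HeaderNames` member from `public const string` into `public static readonly string` is a source-breaking change for callers that need a compile-time constant: `case HeaderNames.Accept:` labels, attribute arguments and default parameter values stop compiling. Assemblies built against the old surface keep their inlined literals, so the break only shows up on recompile, which is why it deserves an explicit breaking-change entry in the release notes. Separately, `WebSocketSubProtocols` and the new `SecWebSocketProtocol` look like two names for one header (the removed line gives `"Sec-WebSocket-Protocol"` for the former); if that is the case, a doc comment or `[Obsolete]` on one of them would keep callers from mixing the two.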
