delphimvcframework/sources/MVCFramework.Middleware.CORS.pas
Daniele Teti 7aa5dd1ccb 2.1.6 (carbon)
FIX https://github.com/danieleteti/delphimvcframework/issues/74
Updated jsonwebtoken sample
Improved support for customclaims into the controller actions
2017-03-10 10:37:49 +01:00


// ***************************************************************************
//
// Delphi MVC Framework
//
// Copyright (c) 2010-2017 Daniele Teti and the DMVCFramework Team
//
// https://github.com/danieleteti/delphimvcframework
//
// ***************************************************************************
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// *************************************************************************** }
unit MVCFramework.Middleware.CORS;
interface
uses
MVCFramework;
type
// Middleware that adds CORS response headers to every request before routing
// and answers OPTIONS requests itself.
//
// The allowed origin is a single fixed string supplied at construction; it is
// sent as-is and is not compared with the request's Origin header.
//
// NOTE(review): the constructor defaults combine a wildcard origin ('*') with
// credentials enabled. Browsers do not honour that combination for
// credentialed requests, so pass an explicit origin when cookies or HTTP
// authentication must cross origins, and pass False for AllowsCredentials
// when the API is meant to be readable from any origin.
TCORSMiddleware = class(TInterfacedObject, IMVCMiddleware)
private
// Value sent in Access-Control-Allow-Origin.
FAllowedOriginURL: string;
// Text sent in Access-Control-Allow-Credentials: 'true' or 'false'.
FAllowsCredentials: string;
public
// AllowedOriginURL: origin to advertise (default '*').
// AllowsCredentials: whether to advertise credential support (default true).
constructor Create(const AllowedOriginURL: string = '*';
const AllowsCredentials: Boolean = true); virtual;
// Sets the CORS headers; for OPTIONS requests also sets status 200 and
// marks the request as handled.
procedure OnBeforeRouting(Context: TWebContext; var Handled: Boolean);
// No-op in this middleware.
procedure OnAfterControllerAction(Context: TWebContext;
const AActionNAme: string; const Handled: Boolean);
// No-op in this middleware.
procedure OnBeforeControllerAction(Context: TWebContext;
const AControllerQualifiedClassName: string; const AActionNAme: string;
var Handled: Boolean);
end;
implementation
uses
System.StrUtils, MVCFramework.Commons, System.Classes;
{ TCORSMiddleware }
// Stores the origin to advertise and converts the credentials flag into the
// literal text later written to the Access-Control-Allow-Credentials header.
//
// AllowedOriginURL: value for Access-Control-Allow-Origin, stored unchanged.
// AllowsCredentials: True is stored as 'true', False as 'false'.
constructor TCORSMiddleware.Create(const AllowedOriginURL: string;
  const AllowsCredentials: Boolean);
begin
  inherited Create;
  FAllowedOriginURL := AllowedOriginURL;
  if AllowsCredentials then
    FAllowsCredentials := 'true'
  else
    FAllowsCredentials := 'false';
end;
// Post-action hook of the middleware interface. The CORS headers are written
// in OnBeforeRouting, so nothing is done here.
procedure TCORSMiddleware.OnAfterControllerAction(
  Context: TWebContext;
  const AActionNAme: string;
  const Handled: Boolean);
begin
  // intentionally empty
end;
// Pre-action hook of the middleware interface. The CORS headers are written
// in OnBeforeRouting, so this hook leaves Context and Handled untouched.
procedure TCORSMiddleware.OnBeforeControllerAction(
  Context: TWebContext;
  const AControllerQualifiedClassName, AActionNAme: string;
  var Handled: Boolean);
begin
  // intentionally empty
end;
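// Writes the CORS response headers before routing and short-circuits OPTIONS
// requests.
//
// Context: the current request/response pair; headers are added to
//          Context.Response.RawWebResponse.CustomHeaders.
// Handled: set to true for OPTIONS requests so that no controller action runs;
//          left unchanged for every other method.
//
// The headers are added to every response, whether or not the request carried
// an Origin header, and the allowed methods and headers are fixed lists.
procedure TCORSMiddleware.OnBeforeRouting(Context: TWebContext;
  var Handled: Boolean);
var
  lCustomHeaders: TStrings;
begin
  lCustomHeaders := Context.Response.RawWebResponse.CustomHeaders;
  lCustomHeaders.Values['Access-Control-Allow-Origin'] := FAllowedOriginURL;
  lCustomHeaders.Values['Access-Control-Allow-Methods'] := 'POST, GET, OPTIONS, PUT, DELETE';
  lCustomHeaders.Values['Access-Control-Allow-Headers'] := 'Content-Type, Accept, jwtusername, jwtpassword, authentication';

  // A wildcard origin cannot be combined with credentials: browsers reject a
  // credentialed response whose Access-Control-Allow-Origin is '*'. Advertise
  // 'false' in that case so the emitted headers are self-consistent; callers
  // that need cookies or HTTP auth across origins must configure an explicit
  // origin.
  if FAllowedOriginURL = '*' then
    lCustomHeaders.Values['Access-Control-Allow-Credentials'] := 'false'
  else
    lCustomHeaders.Values['Access-Control-Allow-Credentials'] := FAllowsCredentials;

  // Every OPTIONS request is answered here with 200, not only CORS preflights;
  // routing and controller actions are skipped for it.
  if Context.Request.HTTPMethod = httpOPTIONS then
  begin
    Context.Response.StatusCode := 200;
    Handled := true;
  end;
end;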
end.