Merge pull request #18116 from abpframework/OrdinalIgnoreCase

Use `OrdinalIgnoreCase` to compare the urls.
pull/18134/head
maliming 2 years ago committed by GitHub
commit 63660cbee0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -78,7 +78,7 @@ public class AbpAspNetCoreSignalRModule : AbpModule
{
foreach (var routePattern in routePatterns)
{
options.IgnoredUrls.AddIfNotContains(x => routePattern.StartsWith(x), () => routePattern);
options.IgnoredUrls.AddIfNotContains(x => routePattern.StartsWith(x, StringComparison.OrdinalIgnoreCase), () => routePattern);
}
});

@ -100,12 +100,12 @@ public class AbpAuditingMiddleware : IMiddleware, ITransientDependency
}
if (!AuditingOptions.IsEnabledForIntegrationServices &&
context.Request.Path.Value.StartsWith($"/{AbpAspNetCoreConsts.DefaultIntegrationServiceApiPrefix}/"))
context.Request.Path.Value.StartsWith($"/{AbpAspNetCoreConsts.DefaultIntegrationServiceApiPrefix}/", StringComparison.OrdinalIgnoreCase))
{
return true;
}
if (AspNetCoreAuditingOptions.IgnoredUrls.Any(x => context.Request.Path.Value.StartsWith(x)))
if (AspNetCoreAuditingOptions.IgnoredUrls.Any(x => context.Request.Path.Value.StartsWith(x, StringComparison.OrdinalIgnoreCase)))
{
return true;
}

@ -33,7 +33,7 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
var requestAcceptTypeHtml = context.Request.Headers["Accept"].Any(x =>
x!.Contains("text/html") || x.Contains("*/*") || x.Contains("application/xhtml+xml"));
var endpoint = context.GetEndpoint();
if (endpoint?.Metadata.GetMetadata<IgnoreAbpSecurityHeaderAttribute>() != null)
@ -42,11 +42,11 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
return;
}
if (!requestAcceptTypeHtml
|| !Options.Value.UseContentSecurityPolicyHeader
|| await AlwaysIgnoreContentTypes(context)
if (!requestAcceptTypeHtml
|| !Options.Value.UseContentSecurityPolicyHeader
|| await AlwaysIgnoreContentTypes(context)
|| endpoint == null
|| Options.Value.IgnoredScriptNoncePaths.Any(x => context.Request.Path.StartsWithSegments(x.EnsureStartsWith('/'))))
|| Options.Value.IgnoredScriptNoncePaths.Any(x => context.Request.Path.StartsWithSegments(x.EnsureStartsWith('/'), StringComparison.OrdinalIgnoreCase)))
{
AddOtherHeaders(context);
await next.Invoke(context);
@ -71,7 +71,7 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
{
return Task.CompletedTask;
}
if (context.Response.StatusCode is < 200 or > 299)
{
return Task.CompletedTask;
@ -85,7 +85,7 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
AddOtherHeaders(context);
await next.Invoke(context);
}
private async Task<bool> AlwaysIgnoreContentTypes(HttpContext context)
{
foreach (var selector in Options.Value.IgnoredScriptNonceSelectors)
@ -95,7 +95,7 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
return true;
}
}
return false;
}
@ -130,7 +130,7 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
var newScriptSrcValue = scriptSrcValue + nonceStr;
return Options.Value.ContentSecurityPolicyValue!.Replace(scriptSrcValue!, newScriptSrcValue);
}
protected virtual void AddHeader(HttpContext context, string key, string value, bool overrideIfExists = false)
{
@ -142,4 +142,4 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
context.Response.Headers.AddIfNotContains(new KeyValuePair<string, StringValues>(key, value));
}
}
}

@ -1,4 +1,5 @@
using System.Linq;
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Options;
@ -38,6 +39,6 @@ public class AbpUnitOfWorkMiddleware : IMiddleware, ITransientDependency
private bool IsIgnoredUrl(HttpContext context)
{
return context.Request.Path.Value != null &&
_options.IgnoredUrls.Any(x => context.Request.Path.Value.StartsWith(x));
_options.IgnoredUrls.Any(x => context.Request.Path.Value.StartsWith(x, StringComparison.OrdinalIgnoreCase));
}
}

Loading…
Cancel
Save