isRequestOriginAllowed method Null safety

bool isRequestOriginAllowed(
  1. HttpRequest request
)

Whether or not this policy allows the Origin of the request.

Will return true if allowedOrigins contains the case-sensitive Origin of the request, or that allowedOrigins contains *. This method is invoked internally by Controllers that have a Controller.policy.

Implementation

bool isRequestOriginAllowed(HttpRequest request) {
  if (allowedOrigins.contains("*")) {
    return true;
  }

  final origin = request.headers.value("origin");
  if (allowedOrigins.contains(origin)) {
    return true;
  }

  return false;
}