validatePreflightRequest method Null safety
- HttpRequest request
Validates whether or not a preflight request matches this policy.
Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by Controllers that have a Controller.policy.
Implementation
bool validatePreflightRequest(HttpRequest request) {
if (!isRequestOriginAllowed(request)) {
return false;
}
final method = request.headers.value("access-control-request-method");
if (!allowedMethods.contains(method)) {
return false;
}
final requestedHeaders = request.headers
.value("access-control-request-headers")
?.split(",")
.map((str) => str.trim().toLowerCase())
.toList();
if (requestedHeaders?.isNotEmpty ?? false) {
final nonSimpleHeaders =
requestedHeaders!.where((str) => !simpleRequestHeaders.contains(str));
if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) {
return false;
}
}
return true;
}