Merge pull request #4 from GaryMcAllister/patch-1

DavidChristiansen · DavidChristiansen · commit 987c4683d5b5 · 2013-11-13T03:59:59.000-08:00
Update CorsHandler.cs
diff --git a/source/DotNetOpenAuth.WebAPI/CorsHandler.cs b/source/DotNetOpenAuth.WebAPI/CorsHandler.cs
@@ -37,6 +37,11 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                 } else {
                     return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t => {
                                                                                                             HttpResponseMessage resp = t.Result;
+                /*This fixes the problem with CorsRequests using credentials in FF and Chrome*/                                                                                            
+                resp.Headers.Add("Access-Control-Allow-Credentials", "true");
+                resp.Headers.Add(AccessControlAllowMethods, "GET, POST, PUT, DELETE");
+                resp.Headers.Add(AccessControlAllowHeaders, "Authorization");                                                                                                            
+                                                                                                            
                                                                                                             resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
                                                                                                             return resp;
                                                                                                         });
@@ -46,4 +51,4 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
             }
         }
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,11 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques`
`37`	`37`	`} else {`
`38`	`38`	`return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t => {`
`39`	`39`	`HttpResponseMessage resp = t.Result;`
	`40`	`+ /This fixes the problem with CorsRequests using credentials in FF and Chrome/`
	`41`	`+ resp.Headers.Add("Access-Control-Allow-Credentials", "true");`
	`42`	`+ resp.Headers.Add(AccessControlAllowMethods, "GET, POST, PUT, DELETE");`
	`43`	`+ resp.Headers.Add(AccessControlAllowHeaders, "Authorization");`
	`44`	`+`
`40`	`45`	`resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());`
`41`	`46`	`return resp;`
`42`	`47`	`});`
`@@ -46,4 +51,4 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques`
`46`	`51`	`}`
`47`	`52`	`}`
`48`	`53`	`}`
`49`		`-}`
	`54`	`+}`