handleActualRequest function

Request handleActualRequest (
  1. Request req,
  2. Cors cors
)

Implementation

Request handleActualRequest(Request req, Cors cors) {
  req.innerRequest.response.headers.add(HttpHeaders.varyHeader, 'Origin');

  final origin = req.headers.value('Origin');

  if (origin == null || origin == '') {
    var res = req.response;
    res.messenger.addError('[cors] Actual request aborted. Empty origin.');
    res.send.badRequest();
    return req;
  }

  if (!cors.isAllowedOrigin(origin)) {
    var res = req.response;
    res.messenger.addError('[cors] Actual request aborted. Not an allowed origin: $origin');
    res.send.badRequest();
    return req;
  }

  if (!cors.isAllowedMethod(req.method)) {
    var res = req.response;
    res.messenger.addError(
        '[cors] Actual request aborted. Not an allowed method: ${req.method}');
    res.send.badRequest();
    return req;
  }

  req.innerRequest.response.headers.add('Access-Control-Allow-Origin', origin);

  if (cors.allowCredentials != null && cors.allowCredentials) {
    req.innerRequest.response.headers
        .add('Access-Control-Allow-Credentials', 'true');
  }

  if (cors.exposedHeaders != null && cors.exposedHeaders.length > 0) {
    req.innerRequest.response.headers
        .add('Access-Control-Expose-Headers', cors.exposedHeaders.join(', '));
  }

  return req;
}