validatePreflightRequest method

bool validatePreflightRequest(
  1. HttpRequest request
)

Validates whether or not a preflight request matches this policy.

Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by Controllers that have a Controller.policy.

Implementation

bool validatePreflightRequest(HttpRequest request) {
  if (!isRequestOriginAllowed(request)) {
    return false;
  }

  final method = request.headers.value("access-control-request-method");
  if (!allowedMethods.contains(method)) {
    return false;
  }

  final requestedHeaders = request.headers
      .value("access-control-request-headers")
      ?.split(",")
      .map((str) => str.trim().toLowerCase())
      .toList();
  if (requestedHeaders?.isNotEmpty ?? false) {
    final nonSimpleHeaders =
        requestedHeaders!.where((str) => !simpleRequestHeaders.contains(str));
    if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) {
      return false;
    }
  }

  return true;
}