validatePreflightRequest method Null safety

bool validatePreflightRequest(
  1. HttpRequest request

Validates whether or not a preflight request matches this policy.

Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by Controllers that have a Controller.policy.


bool validatePreflightRequest(HttpRequest request) {
  if (!isRequestOriginAllowed(request)) {
    return false;

  var method = request.headers.value("access-control-request-method");
  if (!allowedMethods.contains(method)) {
    return false;

  var requestedHeaders = request.headers
      .map((str) => str.trim().toLowerCase())
  if (requestedHeaders?.isNotEmpty ?? false) {
    var nonSimpleHeaders =
        requestedHeaders!.where((str) => !simpleRequestHeaders.contains(str));
    if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) {
      return false;

  return true;