validatePreflightRequest method
Validates whether or not a preflight request matches this policy.
Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by Controllers that have a Controller.policy.
Implementation
bool validatePreflightRequest(HttpRequest request) {
if (!isRequestOriginAllowed(request)) {
return false;
}
var method = request.headers.value("access-control-request-method");
if (!allowedMethods.contains(method)) {
return false;
}
var requestedHeaders = request.headers
.value("access-control-request-headers")!
.split(",")
.map((str) => str.trim().toLowerCase())
.toList();
if (requestedHeaders.isNotEmpty) {
var nonSimpleHeaders =
requestedHeaders.where((str) => !simpleRequestHeaders.contains(str));
if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) {
return false;
}
}
return true;
}