1
0
mirror of https://git.teknik.io/Teknikode/Teknik.git synced 2023-08-02 14:16:22 +02:00

Added Vary: Origin header

This commit is contained in:
Uncled1023 2018-01-09 22:47:34 -08:00
parent 51b4260f3c
commit 61e0204361
4 changed files with 4 additions and 68 deletions

View File

@ -77,71 +77,6 @@ namespace Teknik
} }
} }
//protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
//{
// // We support both Auth Tokens and Cookie Authentication
// // Username and Roles for the current user
// string username = string.Empty;
// bool hasAuthToken = false;
// if (Request != null)
// {
// if (Request.Headers.HasKeys())
// {
// string auth = Request.Headers["Authorization"];
// if (!string.IsNullOrEmpty(auth))
// {
// string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
// string type = string.Empty;
// string value = string.Empty;
// if (parts.Length > 0)
// {
// type = parts[0].ToLower();
// }
// if (parts.Length > 1)
// {
// value = parts[1];
// }
// using (TeknikEntities entities = new TeknikEntities())
// {
// // Get the user information based on the auth type
// switch (type)
// {
// case "basic":
// KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(value);
// bool tokenValid = UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value);
// if (tokenValid)
// {
// // it's valid, so let's update it's Last Used date
// UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);
// // Set the username
// username = authCreds.Key;
// }
// break;
// default:
// break;
// }
// }
// }
// }
// }
// if (FormsAuthentication.CookiesSupported == true && !hasAuthToken)
// {
// if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
// {
// //let us take out the username now
// username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
// }
// }
// HttpContext.Current.User = new TeknikPrincipal(username);
//}
protected void Application_Error(object sender, EventArgs e) protected void Application_Error(object sender, EventArgs e)
{ {
Exception exception = null; Exception exception = null;

View File

@ -12,7 +12,7 @@ using Teknik.Utilities;
namespace Teknik.Modules namespace Teknik.Modules
{ {
public class UserCheckModule : IHttpModule public class UserAuthModule : IHttpModule
{ {
public void Dispose() public void Dispose()
{ {

View File

@ -310,7 +310,7 @@
<Compile Include="Areas\Vault\ViewModels\VaultItemViewModel.cs" /> <Compile Include="Areas\Vault\ViewModels\VaultItemViewModel.cs" />
<Compile Include="Attributes\TeknikAuthorizeAttribute.cs" /> <Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />
<Compile Include="Hubs\IRCClientHub.cs" /> <Compile Include="Hubs\IRCClientHub.cs" />
<Compile Include="Modules\UserCheckModule.cs" /> <Compile Include="Modules\UserAuthModule.cs" />
<Compile Include="Security\ITeknikPrincipal.cs" /> <Compile Include="Security\ITeknikPrincipal.cs" />
<Compile Include="Security\TeknikPrincipal.cs" /> <Compile Include="Security\TeknikPrincipal.cs" />
<Compile Include="Filters\CORSActionFilter.cs" /> <Compile Include="Filters\CORSActionFilter.cs" />

View File

@ -55,7 +55,7 @@
<remove name="FormsAuthentication" /> <remove name="FormsAuthentication" />
<add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" /> <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
<add name="PerfModule" type="Teknik.Modules.PerformanceMonitorModule, Teknik" /> <add name="PerfModule" type="Teknik.Modules.PerformanceMonitorModule, Teknik" />
<add name="UserCheckModule" type="Teknik.Modules.UserCheckModule, Teknik" /> <add name="UserAuthModule" type="Teknik.Modules.UserAuthModule, Teknik" />
<remove name="UrlRoutingModule-4.0" /> <remove name="UrlRoutingModule-4.0" />
<add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" /> <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
</modules> </modules>
@ -134,6 +134,7 @@
<add name="Access-Control-Allow-Headers" value="Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding" /> <add name="Access-Control-Allow-Headers" value="Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding" />
<add name="strict-transport-security" value="max-age=31536000; includeSubdomains; preload" /> <add name="strict-transport-security" value="max-age=31536000; includeSubdomains; preload" />
<add name="X-XSS-Protection" value="1; mode=block" /> <add name="X-XSS-Protection" value="1; mode=block" />
<add name="Vary" value="Origin"/>
</customHeaders> </customHeaders>
</httpProtocol> </httpProtocol>
<httpErrors errorMode="Detailed" /> <httpErrors errorMode="Detailed" />