Added Vary: Origin header

4 лет назад · 61e0204361
--- a/Teknik/Global.asax.cs
+++ b/Teknik/Global.asax.cs
@ -77,71 +77,6 @@ namespace Teknik
				@@ -77,71 +77,6 @@ namespace Teknik
            }
        }

-        //protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
-        //{
-        //    // We support both Auth Tokens and Cookie Authentication
-
-        //    // Username and Roles for the current user
-        //    string username = string.Empty;
-            
-        //    bool hasAuthToken = false;
-        //    if (Request != null)
-        //    {
-        //        if (Request.Headers.HasKeys())
-        //        {
-        //            string auth = Request.Headers["Authorization"];
-        //            if (!string.IsNullOrEmpty(auth))
-        //            {
-        //                string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
-        //                string type = string.Empty;
-        //                string value = string.Empty;
-        //                if (parts.Length > 0)
-        //                {
-        //                    type = parts[0].ToLower();
-        //                }
-        //                if (parts.Length > 1)
-        //                {
-        //                    value = parts[1];
-        //                }
-
-        //                using (TeknikEntities entities = new TeknikEntities())
-        //                {
-        //                    // Get the user information based on the auth type
-        //                    switch (type)
-        //                    {
-        //                        case "basic":
-        //                            KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(value);
-
-        //                            bool tokenValid = UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value);
-        //                            if (tokenValid)
-        //                            {
-        //                                // it's valid, so let's update it's Last Used date
-        //                                UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);
-
-        //                                // Set the username
-        //                                username = authCreds.Key;
-        //                            }
-        //                            break;
-        //                        default:
-        //                            break;
-        //                    }
-        //                }
-        //            }
-        //        }
-        //    }
-
-        //    if (FormsAuthentication.CookiesSupported == true && !hasAuthToken)
-        //    {
-        //        if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
-        //        {
-        //            //let us take out the username now                
-        //            username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
-        //        }
-        //    }
-
-        //    HttpContext.Current.User = new TeknikPrincipal(username);
-        //}
-
        protected void Application_Error(object sender, EventArgs e)
        {
            Exception exception = null;
--- a/Teknik/Modules/UserCheckModule.cs
+++ b/Teknik/Modules/UserCheckModule.cs
@ -12,7 +12,7 @@ using Teknik.Utilities;
				@@ -12,7 +12,7 @@ using Teknik.Utilities;

 namespace Teknik.Modules
 {
-    public class UserCheckModule : IHttpModule
+    public class UserAuthModule : IHttpModule
    {
        public void Dispose()
        {
--- a/Teknik/Teknik.csproj
+++ b/Teknik/Teknik.csproj
@ -310,7 +310,7 @@
				@@ -310,7 +310,7 @@
    <Compile Include="Areas\Vault\ViewModels\VaultItemViewModel.cs" />
    <Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />
    <Compile Include="Hubs\IRCClientHub.cs" />
-    <Compile Include="Modules\UserCheckModule.cs" />
+    <Compile Include="Modules\UserAuthModule.cs" />
    <Compile Include="Security\ITeknikPrincipal.cs" />
    <Compile Include="Security\TeknikPrincipal.cs" />
    <Compile Include="Filters\CORSActionFilter.cs" />
--- a/Teknik/Web.config
+++ b/Teknik/Web.config
@ -55,7 +55,7 @@
				@@ -55,7 +55,7 @@
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <add name="PerfModule" type="Teknik.Modules.PerformanceMonitorModule, Teknik" />
-      <add name="UserCheckModule" type="Teknik.Modules.UserCheckModule, Teknik" />
+      <add name="UserAuthModule" type="Teknik.Modules.UserAuthModule, Teknik" />
      <remove name="UrlRoutingModule-4.0" />
      <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
    </modules>
@ -134,6 +134,7 @@
				@@ -134,6 +134,7 @@
        <add name="Access-Control-Allow-Headers" value="Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding" />
        <add name="strict-transport-security" value="max-age=31536000; includeSubdomains; preload" />
        <add name="X-XSS-Protection" value="1; mode=block" />
+        <add name="Vary" value="Origin"/>
      </customHeaders>
    </httpProtocol>
    <httpErrors errorMode="Detailed" />