Added Vary: Origin header

Teknik/Global.asax.cs

@@ -77,71 +77,6 @@ namespace Teknik
             }
         }
 
-        //protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
-        //{
-        //    // We support both Auth Tokens and Cookie Authentication
-
-        //    // Username and Roles for the current user
-        //    string username = string.Empty;
-            
-        //    bool hasAuthToken = false;
-        //    if (Request != null)
-        //    {
-        //        if (Request.Headers.HasKeys())
-        //        {
-        //            string auth = Request.Headers["Authorization"];
-        //            if (!string.IsNullOrEmpty(auth))
-        //            {
-        //                string[] parts = auth.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
-        //                string type = string.Empty;
-        //                string value = string.Empty;
-        //                if (parts.Length > 0)
-        //                {
-        //                    type = parts[0].ToLower();
-        //                }
-        //                if (parts.Length > 1)
-        //                {
-        //                    value = parts[1];
-        //                }
-
-        //                using (TeknikEntities entities = new TeknikEntities())
-        //                {
-        //                    // Get the user information based on the auth type
-        //                    switch (type)
-        //                    {
-        //                        case "basic":
-        //                            KeyValuePair<string, string> authCreds = StringHelper.ParseBasicAuthHeader(value);
-
-        //                            bool tokenValid = UserHelper.UserTokenCorrect(entities, authCreds.Key, authCreds.Value);
-        //                            if (tokenValid)
-        //                            {
-        //                                // it's valid, so let's update it's Last Used date
-        //                                UserHelper.UpdateTokenLastUsed(entities, authCreds.Key, authCreds.Value, DateTime.Now);
-
-        //                                // Set the username
-        //                                username = authCreds.Key;
-        //                            }
-        //                            break;
-        //                        default:
-        //                            break;
-        //                    }
-        //                }
-        //            }
-        //        }
-        //    }
-
-        //    if (FormsAuthentication.CookiesSupported == true && !hasAuthToken)
-        //    {
-        //        if (Request.Cookies[FormsAuthentication.FormsCookieName] != null)
-        //        {
-        //            //let us take out the username now                
-        //            username = FormsAuthentication.Decrypt(Request.Cookies[FormsAuthentication.FormsCookieName].Value).Name;
-        //        }
-        //    }
-
-        //    HttpContext.Current.User = new TeknikPrincipal(username);
-        //}
-
         protected void Application_Error(object sender, EventArgs e)
         {
             Exception exception = null;

Teknik/Modules/UserCheckModule.cs → Teknik/Modules/UserAuthModule.cs

@@ -12,7 +12,7 @@ using Teknik.Utilities;
 
 namespace Teknik.Modules
 {
-    public class UserCheckModule : IHttpModule
+    public class UserAuthModule : IHttpModule
     {
         public void Dispose()
         {

Teknik/Teknik.csproj

@@ -310,7 +310,7 @@
     <Compile Include="Areas\Vault\ViewModels\VaultItemViewModel.cs" />
     <Compile Include="Attributes\TeknikAuthorizeAttribute.cs" />
     <Compile Include="Hubs\IRCClientHub.cs" />
-    <Compile Include="Modules\UserCheckModule.cs" />
+    <Compile Include="Modules\UserAuthModule.cs" />
     <Compile Include="Security\ITeknikPrincipal.cs" />
     <Compile Include="Security\TeknikPrincipal.cs" />
     <Compile Include="Filters\CORSActionFilter.cs" />

Teknik/Web.config

@@ -55,7 +55,7 @@
       <remove name="FormsAuthentication" />
       <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
       <add name="PerfModule" type="Teknik.Modules.PerformanceMonitorModule, Teknik" />
-      <add name="UserCheckModule" type="Teknik.Modules.UserCheckModule, Teknik" />
+      <add name="UserAuthModule" type="Teknik.Modules.UserAuthModule, Teknik" />
       <remove name="UrlRoutingModule-4.0" />
       <add name="UrlRoutingModule-4.0" type="System.Web.Routing.UrlRoutingModule" preCondition="" />
     </modules>
@@ -134,6 +134,7 @@
         <add name="Access-Control-Allow-Headers" value="Authorization, Accept, Origin, Content-Type, X-Requested-With, Connection, Transfer-Encoding" />
         <add name="strict-transport-security" value="max-age=31536000; includeSubdomains; preload" />
         <add name="X-XSS-Protection" value="1; mode=block" />
+        <add name="Vary" value="Origin"/>
       </customHeaders>
     </httpProtocol>
     <httpErrors errorMode="Detailed" />