// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Collections.Generic;
namespace Microsoft.Identity.Web
{
    /// <summary>
    /// Deny-list of HTTP header names that callers are not allowed to supply through
    /// <see cref="Microsoft.Identity.Abstractions.DownstreamApiOptions.ExtraHeaderParameters"/>.
    /// A name is listed here either because the library sets that header itself, or
    /// because the header has host-level meaning that per-request configuration
    /// should not control.
    /// </summary>
    /// <remarks>
    /// Matching is case-insensitive (ordinal) and is done on the name exactly as it is
    /// passed in: no trimming or other normalization happens in this class. A name that
    /// is neither listed nor covered by a prefix is reported as not reserved.
    /// </remarks>
    internal static class ReservedHeaderNames
    {
        // Names that are reserved only when the whole header name matches
        // (compared with StringComparer.OrdinalIgnoreCase).
        // NOTE(review): the X-MS-CLIENT-PRINCIPAL* entries look like the identity headers
        // injected by Azure App Service authentication - confirm with the owning team.
        private static readonly HashSet<string> s_exactNames = new(StringComparer.OrdinalIgnoreCase)
        {
            "Authorization",
            "Cookie",
            "Host",
            "X-Original-URL",
            "X-MS-CLIENT-PRINCIPAL",
            "X-MS-CLIENT-PRINCIPAL-ID",
            "X-MS-CLIENT-PRINCIPAL-NAME",
            "X-MS-CLIENT-PRINCIPAL-IDP",
        };

        // Reserved families: every header name that begins with one of these strings
        // (case-insensitive) is reserved, including the bare prefix itself.
        private static readonly string[] s_prefixes =
        {
            "X-Forwarded-",
            "X-MS-TOKEN-AAD-",
        };

        /// <summary>
        /// Tells whether <paramref name="headerName"/> is a reserved header name.
        /// </summary>
        /// <param name="headerName">The header name to test, compared as given.</param>
        /// <returns>
        /// <see langword="true"/> when the name equals a reserved exact name or starts with a
        /// reserved prefix; <see langword="false"/> otherwise, including for a
        /// <see langword="null"/> or empty name.
        /// </returns>
        public static bool IsReserved(string headerName)
        {
            // A null or empty name is reported as "not reserved"; this method does not
            // reject it, so validity of the name has to be checked elsewhere.
            if (string.IsNullOrEmpty(headerName))
            {
                return false;
            }

            foreach (string reservedPrefix in s_prefixes)
            {
                if (headerName.StartsWith(reservedPrefix, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }

            return s_exactNames.Contains(headerName);
        }
    }
}