Validates whether or not a preflight request matches this policy.
Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by RequestControllers that have a RequestController.policy.
Source
bool validatePreflightRequest(HttpRequest request) { if (!isRequestOriginAllowed(request)) { return false; } var method = request.headers.value("access-control-request-method"); if (!allowedMethods.contains(method)) { return false; } var requestedHeaders = request.headers .value("access-control-request-headers") ?.split(",") ?.map((str) => str.trim().toLowerCase()) ?.toList(); if (requestedHeaders?.isNotEmpty ?? false) { var nonSimpleHeaders = requestedHeaders.where((str) => !simpleRequestHeaders.contains(str)); if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) { return false; } } return true; }