From 9c5ce631a92a92ca6005f410fd00f1abc61ca67e Mon Sep 17 00:00:00 2001 From: Shannon Date: Fri, 20 Nov 2020 12:12:54 +1100 Subject: [PATCH] removes UmbracoWebApiRequireHttpsAttribute since we dont' need it --- .../UmbracoAuthorizedApiController.cs | 2 +- .../UmbracoWebApiRequireHttpsAttribute.cs | 74 ------------------- 2 files changed, 1 insertion(+), 75 deletions(-) delete mode 100644 src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs diff --git a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs index e3d779d61d..080671d3dd 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs @@ -18,7 +18,7 @@ namespace Umbraco.Web.BackOffice.Controllers [UmbracoUserTimeoutFilter] [UmbracoBackOfficeAuthorize] [DisableBrowserCache] - [UmbracoWebApiRequireHttps] + [RequireHttps] [CheckIfUserTicketDataIsStale] [MiddlewareFilter(typeof(UnhandledExceptionLoggerFilter))] public abstract class UmbracoAuthorizedApiController : UmbracoApiController diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs deleted file mode 100644 index e2a1d942d9..0000000000 --- a/src/Umbraco.Web.BackOffice/Filters/UmbracoWebApiRequireHttpsAttribute.cs +++ /dev/null @@ -1,74 +0,0 @@ -using System; -using System.Net; -using System.Net.Http; -using Microsoft.AspNetCore.Mvc; -using Microsoft.AspNetCore.Mvc.Filters; -using Microsoft.Extensions.Options; -using Umbraco.Core.Configuration.Models; - -namespace Umbraco.Web.BackOffice.Filters -{ - /// - /// If Umbraco.Core.UseHttps property in web.config is set to true, this filter will redirect any http access to https. - /// - /// - /// This will only redirect Head/Get requests, otherwise will respond with text - /// - /// References: - /// http://issues.umbraco.org/issue/U4-8542 - /// https://blogs.msdn.microsoft.com/carlosfigueira/2012/03/09/implementing-requirehttps-with-asp-net-web-api/ - /// - public class UmbracoWebApiRequireHttpsAttribute : TypeFilterAttribute - { - public UmbracoWebApiRequireHttpsAttribute() : base(typeof(UmbracoWebApiRequireHttpsFilter)) - { - Arguments = Array.Empty(); - } - } - - public class UmbracoWebApiRequireHttpsFilter: IAuthorizationFilter - { - private readonly GlobalSettings _globalSettings; - - public UmbracoWebApiRequireHttpsFilter(IOptions globalSettings) - { - _globalSettings = globalSettings.Value; - } - - public void OnAuthorization(AuthorizationFilterContext context) - { - var request = context.HttpContext.Request; - if (_globalSettings.UseHttps && request.Scheme != Uri.UriSchemeHttps) - { - var uri = new UriBuilder() - { - Scheme = Uri.UriSchemeHttps, - Host = request.Host.Value, - Path = request.Path, - Query = request.QueryString.ToUriComponent(), - Port = 443 - }; - var body = string.Format("

The resource can be found at {0}.

", - uri.Uri.AbsoluteUri); - if (request.Method.Equals(HttpMethod.Get.ToString()) || request.Method.Equals(HttpMethod.Head.ToString())) - { - context.HttpContext.Response.Headers.Add("Location", uri.Uri.ToString()); - context.Result = new ObjectResult(body) - { - StatusCode = (int)HttpStatusCode.Found, - }; - - } - else - { - context.Result = new ObjectResult(body) - { - StatusCode = (int)HttpStatusCode.NotFound - }; - } - - - } - } - } -}