bool validatePreflightRequest(HttpRequest request)

Validates whether or not a preflight request matches this policy.

Will return true if the policy agrees with the Access-Control-Request-* headers of the request, otherwise, false. This method is invoked internally by RequestControllers that have a RequestController.policy.

Source

bool validatePreflightRequest(HttpRequest request) {
  if (!isRequestOriginAllowed(request)) {
    return false;
  }

  var method = request.headers.value("access-control-request-method");
  if (!allowedMethods.contains(method)) {
    return false;
  }

  var requestedHeaders = request.headers
      .value("access-control-request-headers")
      ?.split(",")
      ?.map((str) => str.trim().toLowerCase())
      ?.toList();
  if (requestedHeaders?.isNotEmpty ?? false) {
    var nonSimpleHeaders =
        requestedHeaders.where((str) => !simpleRequestHeaders.contains(str));
    if (nonSimpleHeaders.any((h) => !allowedRequestHeaders.contains(h))) {
      return false;
    }
  }

  return true;
}