diff options
Diffstat (limited to 'src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs')
| -rw-r--r-- | src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs index 2d049c1..7c03555 100644 --- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs +++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs @@ -15,6 +15,9 @@ namespace DotNetOpenAuth.Messaging { using System.IO.Compression; using System.Linq; using System.Net; +#if CLR4 + using System.Net.Http; +#endif using System.Net.Mime; using System.Runtime.Serialization.Json; using System.Security; @@ -161,6 +164,28 @@ namespace DotNetOpenAuth.Messaging { return new OutgoingWebResponseActionResult(response); } +#if CLR4 + /// <summary> + /// Transforms an OutgoingWebResponse to a Web API-friendly HttpResponseMessage. + /// </summary> + /// <param name="outgoingResponse">The response to send to the user agent.</param> + /// <returns>The <see cref="HttpResponseMessage"/> instance to be returned by the Web API method.</returns> + public static HttpResponseMessage AsHttpResponseMessage(this OutgoingWebResponse outgoingResponse) { + HttpResponseMessage response = new HttpResponseMessage(outgoingResponse.Status) { + Content = new StreamContent(outgoingResponse.ResponseStream) + }; + + var responseHeaders = outgoingResponse.Headers; + foreach (var header in responseHeaders.AllKeys) { + if (!response.Headers.TryAddWithoutValidation(header, responseHeaders[header])) { + response.Content.Headers.TryAddWithoutValidation(header, responseHeaders[header]); + } + } + + return response; + } +#endif + /// <summary> /// Gets the original request URL, as seen from the browser before any URL rewrites on the server if any. /// Cookieless session directory (if applicable) is also included. @@ -357,6 +382,28 @@ namespace DotNetOpenAuth.Messaging { } /// <summary> + /// Creates the XML reader settings to use for reading XML from untrusted sources. + /// </summary> + /// <returns> + /// The new instance of <see cref="XmlReaderSettings"/>. + /// </returns> + /// <remarks> + /// The default values set here are based on recommendations from + /// http://msdn.microsoft.com/en-us/magazine/ee335713.aspx + /// </remarks> + internal static XmlReaderSettings CreateUntrustedXmlReaderSettings() { + return new XmlReaderSettings { + MaxCharactersFromEntities = 1024, + XmlResolver = null, +#if CLR4 + DtdProcessing = DtdProcessing.Prohibit, +#else + ProhibitDtd = true, +#endif + }; + } + + /// <summary> /// Clears any existing elements in a collection and fills the collection with a given set of values. /// </summary> /// <typeparam name="T">The type of value kept in the collection.</typeparam> |