Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

external/aspnetwebstack/src/System.Web.Mvc/RequireHttpsAttribute.cs

@@ -0,0 +1,40 @@
+// Copyright (c) Microsoft Corporation. All rights reserved. See License.txt in the project root for license information.
+
+using System.Diagnostics.CodeAnalysis;
+using System.Web.Mvc.Properties;
+
+namespace System.Web.Mvc
+{
+    [SuppressMessage("Microsoft.Performance", "CA1813:AvoidUnsealedAttributes", Justification = "Unsealed because type contains virtual extensibility points.")]
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
+    public class RequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
+    {
+        public virtual void OnAuthorization(AuthorizationContext filterContext)
+        {
+            if (filterContext == null)
+            {
+                throw new ArgumentNullException("filterContext");
+            }
+
+            if (!filterContext.HttpContext.Request.IsSecureConnection)
+            {
+                HandleNonHttpsRequest(filterContext);
+            }
+        }
+
+        protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
+        {
+            // only redirect for GET requests, otherwise the browser might not propagate the verb and request
+            // body correctly.
+
+            if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
+            {
+                throw new InvalidOperationException(MvcResources.RequireHttpsAttribute_MustUseSsl);
+            }
+
+            // redirect to HTTPS version of page
+            string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
+            filterContext.Result = new RedirectResult(url);
+        }
+    }
+}