diff --git a/hosts/AspNetIdentity/Pages/Extensions.cs b/hosts/AspNetIdentity/Pages/Extensions.cs index 96aa252bd..79423a1af 100644 --- a/hosts/AspNetIdentity/Pages/Extensions.cs +++ b/hosts/AspNetIdentity/Pages/Extensions.cs @@ -35,7 +35,7 @@ internal static bool IsNativeClient(this AuthorizationRequest context) internal static IActionResult LoadingPage(this PageModel page, string? redirectUri) { page.HttpContext.Response.StatusCode = 200; - page.HttpContext.Response.Headers["Location"] = ""; + page.HttpContext.Response.Headers.Location = ""; return page.RedirectToPage("/Redirect/Index", new { RedirectUri = redirectUri }); } diff --git a/hosts/Configuration/Extensions/SameSiteHandlingExtensions.cs b/hosts/Configuration/Extensions/SameSiteHandlingExtensions.cs index ed3e3b56a..4fed385ef 100644 --- a/hosts/Configuration/Extensions/SameSiteHandlingExtensions.cs +++ b/hosts/Configuration/Extensions/SameSiteHandlingExtensions.cs @@ -24,7 +24,7 @@ private static void CheckSameSite(HttpContext httpContext, CookieOptions options { if (options.SameSite == SameSiteMode.None) { - var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); + var userAgent = httpContext.Request.Headers.UserAgent.ToString(); if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) { // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1) diff --git a/hosts/Configuration/Pages/Extensions.cs b/hosts/Configuration/Pages/Extensions.cs index 96aa252bd..79423a1af 100644 --- a/hosts/Configuration/Pages/Extensions.cs +++ b/hosts/Configuration/Pages/Extensions.cs @@ -35,7 +35,7 @@ internal static bool IsNativeClient(this AuthorizationRequest context) internal static IActionResult LoadingPage(this PageModel page, string? redirectUri) { page.HttpContext.Response.StatusCode = 200; - page.HttpContext.Response.Headers["Location"] = ""; + page.HttpContext.Response.Headers.Location = ""; return page.RedirectToPage("/Redirect/Index", new { RedirectUri = redirectUri }); } diff --git a/hosts/EntityFramework/Pages/Extensions.cs b/hosts/EntityFramework/Pages/Extensions.cs index 96aa252bd..79423a1af 100644 --- a/hosts/EntityFramework/Pages/Extensions.cs +++ b/hosts/EntityFramework/Pages/Extensions.cs @@ -35,7 +35,7 @@ internal static bool IsNativeClient(this AuthorizationRequest context) internal static IActionResult LoadingPage(this PageModel page, string? redirectUri) { page.HttpContext.Response.StatusCode = 200; - page.HttpContext.Response.Headers["Location"] = ""; + page.HttpContext.Response.Headers.Location = ""; return page.RedirectToPage("/Redirect/Index", new { RedirectUri = redirectUri }); } diff --git a/hosts/main/Extensions/SameSiteHandlingExtensions.cs b/hosts/main/Extensions/SameSiteHandlingExtensions.cs index ed3e3b56a..4fed385ef 100644 --- a/hosts/main/Extensions/SameSiteHandlingExtensions.cs +++ b/hosts/main/Extensions/SameSiteHandlingExtensions.cs @@ -24,7 +24,7 @@ private static void CheckSameSite(HttpContext httpContext, CookieOptions options { if (options.SameSite == SameSiteMode.None) { - var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); + var userAgent = httpContext.Request.Headers.UserAgent.ToString(); if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) { // For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1) diff --git a/hosts/main/Pages/Extensions.cs b/hosts/main/Pages/Extensions.cs index 96aa252bd..79423a1af 100644 --- a/hosts/main/Pages/Extensions.cs +++ b/hosts/main/Pages/Extensions.cs @@ -35,7 +35,7 @@ internal static bool IsNativeClient(this AuthorizationRequest context) internal static IActionResult LoadingPage(this PageModel page, string? redirectUri) { page.HttpContext.Response.StatusCode = 200; - page.HttpContext.Response.Headers["Location"] = ""; + page.HttpContext.Response.Headers.Location = ""; return page.RedirectToPage("/Redirect/Index", new { RedirectUri = redirectUri }); } diff --git a/src/IdentityServer/Extensions/HttpRequestExtensions.cs b/src/IdentityServer/Extensions/HttpRequestExtensions.cs index 1d7dfcc26..03c5e1796 100644 --- a/src/IdentityServer/Extensions/HttpRequestExtensions.cs +++ b/src/IdentityServer/Extensions/HttpRequestExtensions.cs @@ -15,7 +15,7 @@ public static class HttpRequestExtensions { public static string GetCorsOrigin(this HttpRequest request) { - var origin = request.Headers["Origin"].FirstOrDefault(); + var origin = request.Headers.Origin.FirstOrDefault(); var thisOrigin = request.Scheme + "://" + request.Host; // see if the Origin is different than this server's origin. if so diff --git a/src/IdentityServer/Extensions/HttpResponseExtensions.cs b/src/IdentityServer/Extensions/HttpResponseExtensions.cs index 5d334caaa..5a678793c 100644 --- a/src/IdentityServer/Extensions/HttpResponseExtensions.cs +++ b/src/IdentityServer/Extensions/HttpResponseExtensions.cs @@ -51,9 +51,9 @@ public static void SetCache(this HttpResponse response, int maxAge, params strin var vary = varyBy.Aggregate((x, y) => x + "," + y); if (response.Headers.ContainsKey("Vary")) { - vary = response.Headers["Vary"].ToString() + "," + vary; + vary = response.Headers.Vary.ToString() + "," + vary; } - response.Headers["Vary"] = vary; + response.Headers.Vary = vary; } } } @@ -66,7 +66,7 @@ public static void SetNoCache(this HttpResponse response) } else { - response.Headers["Cache-Control"] = "no-store, no-cache, max-age=0"; + response.Headers.CacheControl = "no-store, no-cache, max-age=0"; } if (!response.Headers.ContainsKey("Pragma")) diff --git a/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs b/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs index 4857f49ee..b77fc1b69 100644 --- a/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs +++ b/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs @@ -65,7 +65,7 @@ protected override async Task HandleAuthenticateAsync() string token = null; - string authorization = Request.Headers["Authorization"]; + string authorization = Request.Headers.Authorization; if (string.IsNullOrEmpty(authorization)) { diff --git a/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs b/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs index fca38a3ee..f8196ab83 100644 --- a/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs +++ b/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs @@ -53,7 +53,7 @@ public Task ParseAsync(HttpContext context) _logger.LogDebug("Start parsing Basic Authentication secret"); var notfound = Task.FromResult(null); - var authorizationHeader = context.Request.Headers["Authorization"].FirstOrDefault(); + var authorizationHeader = context.Request.Headers.Authorization.FirstOrDefault(); if (authorizationHeader.IsMissing()) { diff --git a/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs b/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs index 7c355113d..82f5869a3 100644 --- a/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs +++ b/src/IdentityServer/Validation/Default/BearerTokenUsageValidator.cs @@ -62,7 +62,7 @@ public async Task ValidateAsync(HttpContext co /// public BearerTokenUsageValidationResult ValidateAuthorizationHeader(HttpContext context) { - var authorizationHeader = context.Request.Headers["Authorization"].FirstOrDefault(); + var authorizationHeader = context.Request.Headers.Authorization.FirstOrDefault(); if (authorizationHeader.IsPresent()) { var header = authorizationHeader.Trim(); diff --git a/test/IdentityServer.UnitTests/Endpoints/EndSession/EndSessionCallbackResultTests.cs b/test/IdentityServer.UnitTests/Endpoints/EndSession/EndSessionCallbackResultTests.cs index 88a00f99d..069d83a29 100644 --- a/test/IdentityServer.UnitTests/Endpoints/EndSession/EndSessionCallbackResultTests.cs +++ b/test/IdentityServer.UnitTests/Endpoints/EndSession/EndSessionCallbackResultTests.cs @@ -41,7 +41,7 @@ public async Task default_options_should_emit_frame_src_csp_headers() await _subject.WriteHttpResponse(new EndSessionCallbackResult(_validationResult), ctx); - ctx.Response.Headers["Content-Security-Policy"].First().Should().Contain("frame-src http://foo"); + ctx.Response.Headers.ContentSecurityPolicy.First().Should().Contain("frame-src http://foo"); } [Fact] @@ -55,6 +55,6 @@ public async Task relax_csp_options_should_prevent_frame_src_csp_headers() await _subject.WriteHttpResponse(new EndSessionCallbackResult(_validationResult), ctx); - ctx.Response.Headers["Content-Security-Policy"].FirstOrDefault().Should().BeNull(); + ctx.Response.Headers.ContentSecurityPolicy.FirstOrDefault().Should().BeNull(); } } \ No newline at end of file diff --git a/test/IdentityServer.UnitTests/Endpoints/Results/AuthorizeResultTests.cs b/test/IdentityServer.UnitTests/Endpoints/Results/AuthorizeResultTests.cs index ed8929b0c..a4abe258e 100644 --- a/test/IdentityServer.UnitTests/Endpoints/Results/AuthorizeResultTests.cs +++ b/test/IdentityServer.UnitTests/Endpoints/Results/AuthorizeResultTests.cs @@ -59,7 +59,7 @@ public async Task error_should_redirect_to_error_page_and_passs_info() _mockErrorMessageStore.Messages.Count.Should().Be(1); _context.Response.StatusCode.Should().Be(302); - var location = _context.Response.Headers["Location"].First(); + var location = _context.Response.Headers.Location.First(); location.Should().StartWith("https://server/error"); var query = QueryHelpers.ParseQuery(new Uri(location).Query); query["errorId"].First().Should().Be(_mockErrorMessageStore.Messages.First().Key); @@ -84,7 +84,7 @@ public async Task prompt_none_errors_should_return_to_client(string error) _mockUserSession.Clients.Count.Should().Be(0); _context.Response.StatusCode.Should().Be(302); - var location = _context.Response.Headers["Location"].First(); + var location = _context.Response.Headers.Location.First(); location.Should().StartWith("http://client/callback"); } @@ -108,7 +108,7 @@ public async Task prompt_none_errors_for_anonymous_users_should_include_session_ _mockUserSession.Clients.Count.Should().Be(0); _context.Response.StatusCode.Should().Be(302); - var location = _context.Response.Headers["Location"].First(); + var location = _context.Response.Headers.Location.First(); location.Should().Contain("session_state=some_session_state"); } @@ -129,7 +129,7 @@ public async Task access_denied_should_return_to_client() _mockUserSession.Clients.Count.Should().Be(0); _context.Response.StatusCode.Should().Be(302); - var location = _context.Response.Headers["Location"].First(); + var location = _context.Response.Headers.Location.First(); location.Should().StartWith("http://client/callback"); var queryString = new Uri(location).Query; @@ -168,10 +168,10 @@ public async Task query_mode_should_pass_results_in_query() await _subject.WriteHttpResponse(new AuthorizeResult(_response), _context); _context.Response.StatusCode.Should().Be(302); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-store"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-cache"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("max-age=0"); - var location = _context.Response.Headers["Location"].First(); + _context.Response.Headers.CacheControl.First().Should().Contain("no-store"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-cache"); + _context.Response.Headers.CacheControl.First().Should().Contain("max-age=0"); + var location = _context.Response.Headers.Location.First(); location.Should().StartWith("http://client/callback"); location.Should().Contain("?state=state"); } @@ -190,10 +190,10 @@ public async Task fragment_mode_should_pass_results_in_fragment() await _subject.WriteHttpResponse(new AuthorizeResult(_response), _context); _context.Response.StatusCode.Should().Be(302); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-store"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-cache"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("max-age=0"); - var location = _context.Response.Headers["Location"].First(); + _context.Response.Headers.CacheControl.First().Should().Contain("no-store"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-cache"); + _context.Response.Headers.CacheControl.First().Should().Contain("max-age=0"); + var location = _context.Response.Headers.Location.First(); location.Should().StartWith("http://client/callback"); location.Should().Contain("#state=state"); } @@ -213,11 +213,11 @@ public async Task form_post_mode_should_pass_results_in_body() _context.Response.StatusCode.Should().Be(200); _context.Response.ContentType.Should().StartWith("text/html"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-store"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-cache"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("max-age=0"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("default-src 'none';"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-store"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-cache"); + _context.Response.Headers.CacheControl.First().Should().Contain("max-age=0"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("default-src 'none';"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("default-src 'none';"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); _context.Response.Body.Seek(0, SeekOrigin.Begin); @@ -245,7 +245,7 @@ public async Task form_post_mode_should_add_unsafe_inline_for_csp_level_1() await _subject.WriteHttpResponse(new AuthorizeResult(_response), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); } @@ -264,7 +264,7 @@ public async Task form_post_mode_should_not_add_deprecated_header_when_it_is_dis await _subject.WriteHttpResponse(new AuthorizeResult(_response), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.AuthorizeScript}'"); _context.Response.Headers["X-Content-Security-Policy"].Should().BeEmpty(); } } \ No newline at end of file diff --git a/test/IdentityServer.UnitTests/Endpoints/Results/CheckSessionResultTests.cs b/test/IdentityServer.UnitTests/Endpoints/Results/CheckSessionResultTests.cs index b95149cd5..a043e4538 100644 --- a/test/IdentityServer.UnitTests/Endpoints/Results/CheckSessionResultTests.cs +++ b/test/IdentityServer.UnitTests/Endpoints/Results/CheckSessionResultTests.cs @@ -41,8 +41,8 @@ public async Task should_pass_results_in_body() _context.Response.StatusCode.Should().Be(200); _context.Response.ContentType.Should().StartWith("text/html"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("default-src 'none';"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("default-src 'none';"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("default-src 'none';"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); _context.Response.Body.Seek(0, SeekOrigin.Begin); @@ -60,7 +60,7 @@ public async Task form_post_mode_should_add_unsafe_inline_for_csp_level_1() await _subject.WriteHttpResponse(new CheckSessionResult(), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain($"script-src 'unsafe-inline' '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); } @@ -71,7 +71,7 @@ public async Task form_post_mode_should_not_add_deprecated_header_when_it_is_dis await _subject.WriteHttpResponse(new CheckSessionResult(), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain($"script-src '{IdentityServerConstants.ContentSecurityPolicyHashes.CheckSessionScript}'"); _context.Response.Headers["X-Content-Security-Policy"].Should().BeEmpty(); } diff --git a/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionCallbackResultTests.cs b/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionCallbackResultTests.cs index 6a4699ed4..a391a9a56 100644 --- a/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionCallbackResultTests.cs +++ b/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionCallbackResultTests.cs @@ -53,12 +53,12 @@ public async Task success_should_render_html_and_iframes() await _subject.WriteHttpResponse(new EndSessionCallbackResult(_result), _context); _context.Response.ContentType.Should().StartWith("text/html"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-store"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("no-cache"); - _context.Response.Headers["Cache-Control"].First().Should().Contain("max-age=0"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("default-src 'none';"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("style-src 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4=';"); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("frame-src http://foo.com http://bar.com"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-store"); + _context.Response.Headers.CacheControl.First().Should().Contain("no-cache"); + _context.Response.Headers.CacheControl.First().Should().Contain("max-age=0"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("default-src 'none';"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("style-src 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4=';"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("frame-src http://foo.com http://bar.com"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("default-src 'none';"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("style-src 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4=';"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("frame-src http://foo.com http://bar.com"); @@ -80,7 +80,7 @@ public async Task fsuccess_should_add_unsafe_inline_for_csp_level_1() await _subject.WriteHttpResponse(new EndSessionCallbackResult(_result), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("style-src 'unsafe-inline' 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4='"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("style-src 'unsafe-inline' 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4='"); _context.Response.Headers["X-Content-Security-Policy"].First().Should().Contain("style-src 'unsafe-inline' 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4='"); } @@ -93,7 +93,7 @@ public async Task form_post_mode_should_not_add_deprecated_header_when_it_is_dis await _subject.WriteHttpResponse(new EndSessionCallbackResult(_result), _context); - _context.Response.Headers["Content-Security-Policy"].First().Should().Contain("style-src 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4='"); + _context.Response.Headers.ContentSecurityPolicy.First().Should().Contain("style-src 'sha256-e6FQZewefmod2S/5T11pTXjzE2vn3/8GRwWOs917YE4='"); _context.Response.Headers["X-Content-Security-Policy"].Should().BeEmpty(); } } \ No newline at end of file diff --git a/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionResultTests.cs b/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionResultTests.cs index bded4e96c..ac6ef9f5b 100644 --- a/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionResultTests.cs +++ b/test/IdentityServer.UnitTests/Endpoints/Results/EndSessionResultTests.cs @@ -58,7 +58,7 @@ public async Task validated_signout_should_pass_logout_message() await _subject.WriteHttpResponse(new EndSessionResult(_result), _context); _mockLogoutMessageStore.Messages.Count.Should().Be(1); - var location = _context.Response.Headers["Location"].Single(); + var location = _context.Response.Headers.Location.Single(); var query = QueryHelpers.ParseQuery(new Uri(location).Query); location.Should().StartWith("https://server/logout"); @@ -73,7 +73,7 @@ public async Task unvalidated_signout_should_not_pass_logout_message() await _subject.WriteHttpResponse(new EndSessionResult(_result), _context); _mockLogoutMessageStore.Messages.Count.Should().Be(0); - var location = _context.Response.Headers["Location"].Single(); + var location = _context.Response.Headers.Location.Single(); var query = QueryHelpers.ParseQuery(new Uri(location).Query); location.Should().StartWith("https://server/logout"); @@ -96,7 +96,7 @@ public async Task error_result_should_not_pass_logout_message() await _subject.WriteHttpResponse(new EndSessionResult(_result), _context); _mockLogoutMessageStore.Messages.Count.Should().Be(0); - var location = _context.Response.Headers["Location"].Single(); + var location = _context.Response.Headers.Location.Single(); var query = QueryHelpers.ParseQuery(new Uri(location).Query); location.Should().StartWith("https://server/logout");