/// <summary>
/// Adds the "X-Frame-Options" with DENY when the request uri is not provided to the response. Otherwise the request
/// uri with ALLOW-FROM <request uri>.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="origins">The allowed uirs.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc AntiClickjackingHeader(this BuildFunc builder, params Uri[] origins)
{
origins.MustNotNull("origins");
origins.MustHaveAtLeastOneValue("origins");
builder(_ => AntiClickjackingMiddleware.AntiClickjackingHeader(origins));
return(builder);
}
public static BuildFunc UseHangfireDashboard(
[NotNull] this BuildFunc builder,
[NotNull] DashboardOptions options,
[NotNull] JobStorage storage,
[NotNull] RouteCollection routes,
[CanBeNull] IOwinDashboardAntiforgery antiforgery)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (storage == null)
{
throw new ArgumentNullException(nameof(storage));
}
if (routes == null)
{
throw new ArgumentNullException(nameof(routes));
}
builder(_ => UseHangfireDashboard(options, storage, routes, antiforgery));
return(builder);
}
public static BuildFunc UseHangfireDashboard(
[NotNull] this BuildFunc builder,
[NotNull] DashboardOptions options,
[NotNull] JobStorage storage,
[NotNull] RouteCollection routes)
{
if (builder == null)
{
throw new ArgumentNullException("builder");
}
if (options == null)
{
throw new ArgumentNullException("options");
}
if (storage == null)
{
throw new ArgumentNullException("storage");
}
if (routes == null)
{
throw new ArgumentNullException("routes");
}
builder(_ => UseHangfireDashboard(options, storage, routes));
return(builder);
}
public void Examples()
{
IAppBuilder appbuilder = null;
BuildFunc buildFunc = null;
// Add X-Content-Type-Option: nosniff
buildFunc.ContentTypeOptions();
appbuilder.ContentTypeOptions();
}
SheetInfo CreateSheetInfo <K, V>(BuildFunc buildFunc, ParseFunc parseFunc = null) where V : AssetData <K>
{
var si = new SheetInfo();
si.sheetname = typeof(V).Name;
si.buildFunc = buildFunc;
si.parseFunc = null != parseFunc ? parseFunc : this.ParseFromCsv <K, V>;
return(si);
}
private static OwinApplication ConfigureApplication(Action <BuildFunc> configure)
{
var middleware = new List <MidFunc>();
var builder = new BuildFunc(middleware.Add);
configure(builder);
return(BuildApplication(middleware));
}
public static BuildFunc UseMonitoringAndLogging(
this BuildFunc buildFunc,
ILogger log,
Func <Task <bool> > healthCheck)
{
buildFunc(next => GlobalErrorLogging.Middleware(next, log));
buildFunc(next => CorrelationToken.Middleware(next));
buildFunc(next => RequestLogging.Middleware(next, log));
buildFunc(next => PerformanceLogging.Middleware(next, log));
buildFunc(next => new MonitoringMiddleware(next, healthCheck).Invoke);
return(buildFunc);
}
public void Examples()
{
IAppBuilder appbuilder = null;
BuildFunc buildFunc = null;
// Add X-Xss-Protection: 1; mode=block
buildFunc.XssProtectionHeader();
appbuilder.XssProtectionHeader();
// Add X-Xss-Protection: 0
buildFunc.XssProtectionHeader(disabled: true);
appbuilder.XssProtectionHeader(disabled: true);
}
public static BuildFunc UseGuardianDashboard(this BuildFunc builder, GuardianOptions options)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
GuardianOptionsFactory.RegisterOptionsFactory(() => options);
GuardianRouter.BuildRoutes(ReflectionHelper.GetExecutingAssembly());
builder(_ => UseGuardianDashboard());
return(builder);
}
public void Examples()
{
IAppBuilder appbuilder = null;
BuildFunc buildFunc = null;
// Add X-Frame-Options: DENY
buildFunc.AntiClickjackingHeader();
appbuilder.AntiClickjackingHeader();
// Add X-Frame-Options: SAMEORIGIN
buildFunc.AntiClickjackingHeader(XFrameOption.SameOrigin);
appbuilder.AntiClickjackingHeader(XFrameOption.SameOrigin);
// Add X-Frame-Options: ALLOW-FROM http://www.exmple.com when the Request uri is the allow-from uri.
// Otherwise DENY will be sent.
buildFunc.AntiClickjackingHeader("http://www.example.com", "https://www.example.com");
appbuilder.AntiClickjackingHeader("http://www.example.com", "https://www.example.com");
// or with URIs
buildFunc.AntiClickjackingHeader(new Uri("http://www.example.com"), new Uri("https://www.example.com"));
appbuilder.AntiClickjackingHeader(new Uri("http://www.example.com"), new Uri("https://www.example.com"));
}
public static BuildFunc UseDashboard(
this BuildFunc builder,
DashboardOptions options,
RouteCollection routes)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (routes == null)
{
throw new ArgumentNullException(nameof(routes));
}
builder(_ => UseDashboard(options, routes));
return(builder);
}
public static BuildFunc UseModuleActivator(
[NotNull] this BuildFunc builder,
[NotNull] DashboardOptions options,
[NotNull] RouteCollection routes)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
if (routes == null)
{
throw new ArgumentNullException(nameof(routes));
}
builder(_ => UseModuleActivator(options, routes));
return(builder);
}
public void Examples()
{
IAppBuilder appbuilder = null;
BuildFunc buildFunc = null;
// Remark: 31536000 = 1 year in seconds
// Add Strict-Transport-Security: max-age=31536000;includeSubDomains
buildFunc.StrictTransportSecurity();
appbuilder.StrictTransportSecurity();
// Add Strict-Transport-Security with the configured settings
var config = new StrictTransportSecurityOptions {
IncludeSubDomains = true,
MaxAge = 31536000,
RedirectToSecureTransport = true,
RedirectUriBuilder = uri => "", // Only do this, when you want to replace the default behavior (from http to https).
RedirectReasonPhrase = statusCode => "ResonPhrase"
};
buildFunc.StrictTransportSecurity(config);
appbuilder.StrictTransportSecurity(config);
}
/// <summary>
/// Adds the "Content-Security-Policy-Report-Only" (CSP) header with the given configuration to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="configuration">The Content-Security-Policy configuration.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc ContentSecurityPolicyReportOnly(this BuildFunc builder, ContentSecurityPolicyConfiguration configuration)
{
configuration.MustNotNull("configuration");
builder(_ => ContentSecurityPolicyReportOnlyMiddleware.ContentSecurityPolicyHeader(configuration));
return(builder);
}
public static BuildFunc UseHelloWorld(this BuildFunc builder)
{
return builder.Use(HelloWorldMiddleware.Create());
}
public static BuildFunc Use(this BuildFunc builder, MidFunc middleware)
{
builder(middleware);
return builder;
}
public static BuildFunc UseLayimApi(this BuildFunc builder, LayimStorage storage, LayimOptions options, RouteCollection routes)
{
builder(_ => UseLayimApi(storage, options, routes));
return(builder);
}
/// <summary>
/// Adds the "X-Xss-Protection" header to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="disabled">true to set the heade value to "0". false (Default) to set the header value to"1; mode=block".</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc XssProtectionHeader(this BuildFunc builder, bool disabled = false)
{
return(builder.XssProtectionHeader(disabled ? XssProtectionOption.Disabled : XssProtectionOption.EnabledWithModeBlock));
}
/// <summary>
/// Adds the "X-Frame-Options" header with the given option to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="option">The X-Frame option.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc AntiClickjackingHeader(this BuildFunc builder, XFrameOption option)
{
builder(_ => AntiClickjackingMiddleware.AntiClickjackingHeader(option));
return(builder);
}
/// <summary>
/// Adds the "X-Frame-Options" header with value DENY to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc AntiClickjackingHeader(this BuildFunc builder)
{
return(AntiClickjackingHeader(builder, XFrameOption.Deny));
}
public static BuildFunc UseAuthPlatform(this BuildFunc buildFunc, string requiredScope)
{
buildFunc(next => Authorization.Middleware(next, requiredScope));
buildFunc(next => IdToken.Middleware(next));
return(buildFunc);
}
/// <summary>
/// Adds the "Strict-Transport-Security" (STS) header to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc StrictTransportSecurity(this BuildFunc builder, StrictTransportSecurityOptions options = null)
{
options = options ?? new StrictTransportSecurityOptions();
builder(_ => StrictTransportSecurityHeaderMiddleware.StrictTransportSecurityHeader(options));
return(builder);
}
/// <summary>
/// Adds the "X-Xss-Protection" header to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="option">The Xss-Protection options.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc XssProtectionHeader(this BuildFunc builder, XssProtectionOption option)
{
builder(_ => XssProtectionHeaderMiddleware.XssProtectionHeader(option));
return(builder);
}
private static void Configure(BuildFunc builder)
{
builder.UseHelloWorld();
}
/// <summary>
/// Adds the "X-Content-Type-Options" header with value "nosniff" to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc ContentTypeOptions(this BuildFunc builder)
{
builder(_ => ContenTypeOptionsHeaderMiddleware.ContentTypeOptionsHeader());
return(builder);
}
public AppBuilderFaker(IDictionary <string, object> properties, BuildFunc builder)
{
this.builder = builder;
Properties = properties;
}
