public void GetCspStyleNonce_StyleNonceRequestedNoOverrides_ClonesBaseConfigAndOverridesNonce()
{
var cspConfig = new CspConfiguration();
var cspConfigReportOnly = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
var overrideConfigReportOnly = new CspOverrideConfiguration();
var clonedCspDirective = new CspDirectiveConfiguration();
var clonedCspReportOnlyDirective = new CspDirectiveConfiguration();
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny <HttpContextBase>(), false)).Returns(cspConfig);
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny <HttpContextBase>(), true)).Returns(cspConfigReportOnly);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), false, false)).Returns(overrideConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), true, false)).Returns(overrideConfigReportOnly);
//No overrides
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc)).Returns((ICspDirectiveConfiguration)null);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfig, CspDirectives.StyleSrc)).Returns(clonedCspDirective);
_directiveConfigMapper.Setup(m => m.GetCspDirectiveConfigCloned(cspConfigReportOnly, CspDirectives.StyleSrc)).Returns(clonedCspReportOnlyDirective);
_directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective));
_directiveConfigMapper.Setup(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective));
var nonce = CspConfigurationOverrideHelper.GetCspStyleNonce(MockContext);
Assert.AreEqual(nonce, clonedCspDirective.Nonce);
Assert.AreEqual(nonce, clonedCspReportOnlyDirective.Nonce);
_directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfig, CspDirectives.StyleSrc, clonedCspDirective), Times.Once);
_directiveConfigMapper.Verify(m => m.SetCspDirectiveConfig(overrideConfigReportOnly, CspDirectives.StyleSrc, clonedCspReportOnlyDirective), Times.Once);
}
/// <summary>
/// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
/// </summary>
/// <param name="helper"></param>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
var context = helper.ViewContext.HttpContext;
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper();
var nonce = cspConfigurationOverrideHelper.GetCspStyleNonce(context);
if (context.Items["NWebsecStyleNonceSet"] == null)
{
context.Items["NWebsecStyleNonceSet"] = "set";
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
}
return(CreateNonceAttribute(helper, nonce));
}
/// <summary>
/// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
/// </summary>
/// <param name="helper"></param>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
var context = new HttpContextWrapper(helper.ViewContext.HttpContext);
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
var nonce = cspConfigurationOverrideHelper.GetCspStyleNonce(context);
if (context.GetItem <string>("NWebsecStyleNonceSet") == null)
{
context.SetItem("NWebsecStyleNonceSet", "set");
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
}
return(CreateNonceAttribute(helper, nonce));
}