/// <summary>
/// Applies the configured referrer policy: stores the configuration on the NWebsec
/// context and forwards the generated header result to the result handler.
/// </summary>
/// <param name="httpContext">Context wrapper passed through to the result handler.</param>
/// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
internal void SetReferrerPolicyHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext)
        {
            // One read of the config feeds both the context and the generator.
            var referrerPolicy = WebConfig.SecurityHttpHeaders.ReferrerPolicy;
            nwebsecContext.ReferrerPolicy = referrerPolicy;

            // No handler-type check here: every request that reaches this method is processed.
            _headerResultHandler.HandleHeaderResult(httpContext, _headerGenerator.CreateReferrerPolicyResult(referrerPolicy));
        }
        /// <summary>
        /// Applies the configured X-Robots-Tag settings: stores the configuration on the
        /// NWebsec context and forwards the generated header result to the result handler.
        /// </summary>
        /// <param name="httpContext">Context wrapper passed through to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetXRobotsTagHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext)
        {
            // This setting is read from WebConfig directly, not from SecurityHttpHeaders.
            var robotsConfig = WebConfig.XRobotsTag;
            nwebsecContext.XRobotsTag = robotsConfig;

            var headerResult = _headerGenerator.CreateXRobotsTagResult(robotsConfig);
            _headerResultHandler.HandleHeaderResult(httpContext, headerResult);
        }
        /// <summary>
        /// Applies the configured X-Download-Options settings: stores the configuration on the
        /// NWebsec context and forwards the generated header result to the result handler.
        /// </summary>
        /// <param name="httpContext">Context wrapper passed through to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetXDownloadOptionsHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext)
        {
            var downloadOptions = WebConfig.SecurityHttpHeaders.XDownloadOptions;
            nwebsecContext.XDownloadOptions = downloadOptions;

            // Whether a header is set, removed or left alone is decided by the generator's result.
            _headerResultHandler.HandleHeaderResult(httpContext, _headerGenerator.CreateXDownloadOptionsResult(downloadOptions));
        }
        /// <summary>
        /// Overload that works on a raw <c>HttpResponseBase</c>: stores the X-Download-Options
        /// configuration on the NWebsec context and forwards the generated result to the handler.
        /// </summary>
        /// <param name="response">Response object passed through to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetXDownloadOptionsHeader(HttpResponseBase response, NWebsecContext nwebsecContext)
        {
            var downloadOptions = WebConfig.SecurityHttpHeaders.XDownloadOptions;
            nwebsecContext.XDownloadOptions = downloadOptions;

            var headerResult = _headerGenerator.CreateXDownloadOptionsResult(downloadOptions);
            _headerResultHandler.HandleHeaderResult(response, headerResult);
        }
        /// <summary>
        /// Overload that works on a raw <c>HttpResponseBase</c>: stores the X-Robots-Tag
        /// configuration on the NWebsec context and forwards the generated result to the handler.
        /// </summary>
        /// <param name="response">Response object passed through to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetXRobotsTagHeader(HttpResponseBase response, NWebsecContext nwebsecContext)
        {
            // This setting is read from WebConfig directly, not from SecurityHttpHeaders.
            var robotsConfig = WebConfig.XRobotsTag;
            nwebsecContext.XRobotsTag = robotsConfig;

            _headerResultHandler.HandleHeaderResult(response, _headerGenerator.CreateXRobotsTagResult(robotsConfig));
        }
        /// <summary>
        /// Builds the test fixture: a mocked System.Web request/response pair, mocks for the
        /// setter's collaborators, and the <c>ConfigurationHeaderSetter</c> under test.
        /// </summary>
        public ConfigurationHeaderSetterTests()
        {
            _mockRequest = new Mock<HttpRequestBase>();
            _mockRequest.Setup(req => req.UserAgent).Returns("Ninja CSP browser");

            var responseMock = new Mock<HttpResponseBase>();
            responseMock.Setup(res => res.Headers).Returns(new NameValueCollection());

            var contextBaseMock = new Mock<HttpContextBase>();
            contextBaseMock.SetupAllProperties();
            contextBaseMock.Setup(ctx => ctx.Request).Returns(_mockRequest.Object);
            contextBaseMock.Setup(ctx => ctx.Response).Returns(responseMock.Object);

            // Strict mocks throw on any call that has no setup. The handler is only set up for
            // _expectedHeaderResult, so a different result reaching it fails the test.
            _expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "SomeHeader", "SomeValue");
            _mockHeaderGenerator = new Mock<IHeaderGenerator>(MockBehavior.Strict);
            _mockHeaderResultHandler = new Mock<IHeaderResultHandler>(MockBehavior.Strict);
            _mockHeaderResultHandler.Setup(handler => handler.HandleHeaderResult(It.IsAny<IHttpContextWrapper>(), _expectedHeaderResult));

            // The handler-type helper is a loose mock, so its unconfigured bool methods return false.
            _mockHandlerHelper = new Mock<IHandlerTypeHelper>();
            _mockCspReportHelper = new Mock<ICspReportHelper>(MockBehavior.Strict);

            // The wrapper hands back the mocked HttpContextBase when asked for the original context.
            var wrapperMock = new Mock<IHttpContextWrapper>();
            wrapperMock.Setup(wrapper => wrapper.GetOriginalHttpContext<HttpContextBase>()).Returns(contextBaseMock.Object);
            _httpContext = wrapperMock.Object;

            _config = new HttpHeaderSecurityConfigurationSection();
            _configHeaderSetter = new ConfigurationHeaderSetter(
                _config,
                _mockHeaderGenerator.Object,
                _mockHeaderResultHandler.Object,
                _mockHandlerHelper.Object,
                _mockCspReportHelper.Object);
            _nwebsecContext = new NWebsecContext();
        }
 /// <summary>
 /// Returns the overrides object attached to <paramref name="context"/>, creating and
 /// attaching a new one when none has been set yet.
 /// </summary>
 /// <param name="context">NWebsec context whose overrides are requested.</param>
 /// <returns>The existing or newly created <c>ConfigurationOverrides</c>.</returns>
 private ConfigurationOverrides GetConfigOverrides(NWebsecContext context)
 {
     // Lazy creation: the context only carries an overrides object once something asks for it.
     return context.ConfigOverrides ?? (context.ConfigOverrides = new ConfigurationOverrides());
 }
        /// <summary>
        /// Builds the fixture: two independent NWebsec contexts, a mocked context wrapper that
        /// returns the System.Web one from <c>GetNWebsecContext</c>, and the helper under test.
        /// </summary>
        public ContextConfigurationHelperTests()
        {
            _systemWebContext = new NWebsecContext();
            _owinContext = new NWebsecContext();

            // Only the System.Web context is wired to the wrapper here; _owinContext is not.
            var wrapperMock = new Mock<IHttpContextWrapper>();
            wrapperMock.Setup(wrapper => wrapper.GetNWebsecContext()).Returns(_systemWebContext);
            _mockContext = wrapperMock.Object;

            _contextHelper = new ContextConfigurationHelper();
        }
        /// <summary>
        /// Applies no-cache headers when the feature is enabled in configuration and the request
        /// is not served by an unmanaged or static content handler.
        /// </summary>
        /// <param name="context">Context wrapper that is checked and then told to set the headers.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetNoCacheHeadersFromConfig(IHttpContextWrapper context, NWebsecContext nwebsecContext)
        {
            var noCacheConfig = WebConfig.NoCacheHttpHeaders;
            if (!noCacheConfig.Enabled)
            {
                return;
            }

            // Responses from handlers classified as unmanaged or static get no no-cache headers
            // from this method; sensitive content served that way needs its own cache policy.
            if (_handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context))
            {
                return;
            }

            nwebsecContext.NoCacheHeaders = noCacheConfig;
            context.SetNoCacheHeaders();
        }
        /// <summary>
        /// Builds the fixture: an NWebsec context exposed through the mocked
        /// <c>HttpContext.Items["nwebsec.Context"]</c> entry, and the helper under test.
        /// </summary>
        public ContextConfigurationHelperTests()
        {
            _nwContext = new NWebsecContext();
            _contextHelper = new ContextConfigurationHelper();

            // Only the "nwebsec.Context" key is configured on the Items indexer.
            var httpContextMock = new Mock<HttpContext>();
            httpContextMock.Setup(ctx => ctx.Items["nwebsec.Context"]).Returns(_nwContext);
            _mockContext = httpContextMock.Object;
        }
        /// <summary>
        /// Verifies that <c>GetNWebsecOwinContext</c> returns the very instance stored under
        /// <c>NWebsecContext.ContextKey</c> in the "owin.Environment" dictionary.
        /// </summary>
        public void GetNWebsecOwinContext_HasContext_ReturnsContext()
        {
            var expectedContext = new NWebsecContext();
            var environment = new Dictionary<string, object>
            {
                { NWebsecContext.ContextKey, expectedContext }
            };

            _mockContext.Items["owin.Environment"] = environment;

            // Reference equality: the lookup must not copy or re-create the context.
            Assert.Same(expectedContext, _mockContext.GetNWebsecOwinContext());
        }
        /// <summary>
        /// Per-test setup: creates two independent NWebsec contexts, exposes the System.Web one
        /// through the mocked <c>HttpContextBase.Items["nwebsec.Context"]</c> entry, and creates
        /// the helper under test.
        /// </summary>
        public void Setup()
        {
            _systemWebContext = new NWebsecContext();
            _owinContext = new NWebsecContext();
            _contextHelper = new ContextConfigurationHelper();

            // Only the System.Web context is reachable through Items; _owinContext is not wired here.
            var contextBaseMock = new Mock<HttpContextBase>();
            contextBaseMock.Setup(ctx => ctx.Items["nwebsec.Context"]).Returns(_systemWebContext);
            _mockContext = contextBaseMock.Object;
        }
        /// <summary>
        /// Applies the configured X-XSS-Protection settings unless the request is served by an
        /// unmanaged or static content handler.
        /// </summary>
        /// <param name="context">Context wrapper that is checked and passed to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        internal void SetXXssProtectionHeader(IHttpContextWrapper context, NWebsecContext nwebsecContext)
        {
            var skipRequest = _handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context);
            if (skipRequest)
            {
                return;
            }

            // NOTE(review): current browsers ignore X-XSS-Protection; treat CSP as the
            // effective XSS mitigation and this header as a legacy setting.
            var xssProtection = WebConfig.SecurityHttpHeaders.XXssProtection;
            nwebsecContext.XXssProtection = xssProtection;

            _headerResultHandler.HandleHeaderResult(context, _headerGenerator.CreateXXssProtectionResult(xssProtection));
        }
        /// <summary>
        /// Verifies that the context wrapper returns the very instance stored under
        /// <c>NWebsecContext.ContextKey</c> in the "owin.Environment" dictionary of the
        /// underlying <c>HttpContextBase</c>.
        /// </summary>
        public void GetNWebsecOwinContext_HasContext_ReturnsContext()
        {
            var expectedContext = new NWebsecContext();

            var environment = new Dictionary<string, object>();
            environment[NWebsecContext.ContextKey] = expectedContext;
            _httpContextBase.Items["owin.Environment"] = environment;

            var actualContext = _contextWrapper.GetNWebsecOwinContext();

            // Reference equality: the lookup must not copy or re-create the context.
            Assert.Same(expectedContext, actualContext);
        }
        /// <summary>
        /// Applies the configured Content Security Policy, in enforcing or report-only form,
        /// unless the request is served by a static content or unmanaged handler.
        /// </summary>
        /// <param name="context">Context wrapper that is checked and passed to the result handler.</param>
        /// <param name="nwebsecContext">NWebsec context that receives the configuration in use.</param>
        /// <param name="reportOnly">
        /// <c>true</c> selects the <c>CspReportOnly</c> configuration, <c>false</c> the <c>Csp</c> one.
        /// </param>
        internal void SetCspHeaders(IHttpContextWrapper context, NWebsecContext nwebsecContext, bool reportOnly)
        {
            // Responses from handlers classified as static or unmanaged get no CSP from this
            // method; HTML served through such handlers needs its policy set elsewhere.
            if (_handlerHelper.IsStaticContentHandler(context) || _handlerHelper.IsUnmanagedHandler(context))
            {
                return;
            }

            // The two modes are tracked in separate context slots, so enabling one does not
            // overwrite the other.
            ICspConfiguration cspConfig;
            if (!reportOnly)
            {
                cspConfig = nwebsecContext.Csp = WebConfig.SecurityHttpHeaders.Csp;
            }
            else
            {
                // NOTE(review): report-only policies are presumably reported but not enforced
                // by the browser - confirm the header name the generator emits for this mode.
                cspConfig = nwebsecContext.CspReportOnly = WebConfig.SecurityHttpHeaders.CspReportOnly;
            }

            var builtInReportUri = _reportHelper.GetBuiltInCspReportHandlerRelativeUri();
            var headerResult = _headerGenerator.CreateCspResult(cspConfig, reportOnly, builtInReportUri);

            _headerResultHandler.HandleHeaderResult(context, headerResult);
        }
 /// <summary>
 /// Returns the overrides object attached to <paramref name="context"/>, creating and
 /// attaching a new one when none has been set yet.
 /// </summary>
 /// <param name="context">NWebsec context whose overrides are requested.</param>
 /// <returns>The existing or newly created <c>ConfigurationOverrides</c>.</returns>
 private ConfigurationOverrides GetConfigOverrides(NWebsecContext context)
 {
     var overrides = context.ConfigOverrides;
     if (overrides == null)
     {
         // First request for overrides on this context: create and attach them.
         overrides = new ConfigurationOverrides();
         context.ConfigOverrides = overrides;
     }

     return overrides;
 }