/// <summary>
        /// Adds a <c>X-XSS-Protection</c> header to the response.
        /// </summary>
        /// <param name="builder"></param>
        /// <param name="enabled">Determines whether the header value is <c>1</c> or <c>0</c>.</param>
        /// <param name="mode">Appends the block mode to the header value, e.g. <c>; mode=deny</c>.</param>
        /// <returns></returns>
        public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, bool enabled = true, XXSSProtectionMode mode = XXSSProtectionMode.Block)
        {
            var options = new XXSSProtectionHeaderOptions
            {
                Enabled = enabled,
                Mode    = mode
            };

            return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options)));
        }
Beispiel #2
0
        private static string BuildHeaderValue(XXSSProtectionHeaderOptions options)
        {
            var value = $"{Convert.ToInt32(options.Enabled)}";

            if (options.Enabled && options.Mode == XXSSProtectionMode.Block)
            {
                value += "; mode=block";
            }

            return(value);
        }
 /// <summary>
 /// Adds a <c>X-XSS-Protection</c> header to the response.
 /// </summary>
 /// <param name="builder"></param>
 /// <param name="options">The options configuring the <c>X-XSS-Protection</c> header value.</param>
 /// <returns></returns>
 public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, XXSSProtectionHeaderOptions options)
 {
     return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options)));
 }