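/// <summary>
/// Renders the selected scheme-sources (blob:, data:, filesystem:, mediastream:) as a
/// space-prefixed fragment ready to be appended to a CSP source list.
/// </summary>
/// <param name="schemeSources">Flag combination of the scheme-sources to authorize.</param>
/// <returns>
/// A string such as <c>" blob: data:"</c> (each entry preceded by one space, in the fixed
/// order blob, data, filesystem, mediastream), or <c>null</c> when no known source is selected.
/// </returns>
private static string SchemeSourceToString(CommonPolicySchemeSource.SchemeSources schemeSources)
{
    // `HasFlag(None)` is true for EVERY value when None is the zero member (the usual
    // [Flags] convention), which made the original guard return null for all inputs and
    // silently drop every scheme-source from the emitted header. Compare for equality
    // instead so only a genuinely empty selection is skipped.
    // NOTE(review): assumes None is the enum's zero member — confirm against the enum.
    if (schemeSources == CommonPolicySchemeSource.SchemeSources.None)
    {
        return null;
    }

    // Emission order is fixed so the generated header is deterministic.
    CommonPolicySchemeSource.SchemeSources[] knownSources =
    {
        CommonPolicySchemeSource.SchemeSources.Blob,
        CommonPolicySchemeSource.SchemeSources.Data,
        CommonPolicySchemeSource.SchemeSources.FileSystem,
        CommonPolicySchemeSource.SchemeSources.MediaStream,
    };

    string value = null;
    foreach (CommonPolicySchemeSource.SchemeSources schemeSource in knownSources)
    {
        if (schemeSources.HasFlag(schemeSource))
        {
            // Leading space is intentional: the caller concatenates this directly
            // after the host-source list without adding a separator.
            value += " " + schemeSource.ToFormatedString();
        }
    }

    // Stays null (not "") when none of the known flags was set, matching the None case.
    return value;
}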
/// <summary>
/// Maps a single scheme-source flag to its CSP keyword string (the <c>Blob</c>, <c>Data</c>,
/// <c>FileSystem</c>, <c>MediaStream</c> and <c>None</c> constants, presumably declared in the
/// enclosing static class).
/// </summary>
/// <param name="schemeSource">
/// One scheme-source value. A combination of several flags matches no case and falls through
/// to the default.
/// </param>
/// <returns>
/// The keyword for the given source, or <c>None</c> for any value that is not exactly one of
/// the four known sources.
/// </returns>
public static string ToFormatedString(this CommonPolicySchemeSource.SchemeSources schemeSource)
{
    switch (schemeSource)
    {
        case CommonPolicySchemeSource.SchemeSources.Blob:
            return Blob;
        case CommonPolicySchemeSource.SchemeSources.Data:
            return Data;
        case CommonPolicySchemeSource.SchemeSources.FileSystem:
            return FileSystem;
        case CommonPolicySchemeSource.SchemeSources.MediaStream:
            return MediaStream;
        default:
            // Unknown or combined flag values fall back to the None keyword.
            return None;
    }
}
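/// <summary>
/// Registers <paramref name="directive"/> for every fetch directive selected in
/// <paramref name="fetchDirective"/> and emits a Content-Security-Policy header built from the
/// supplied host and scheme sources.
/// </summary>
/// <param name="directive">Directive to apply.</param>
/// <param name="fetchDirective">Flag combination selecting the fetch directives the directive applies to.</param>
/// <param name="schemeSources">Flag combination of the scheme-sources (blob:, data:, ...) to authorize.</param>
/// <param name="hostSources">Host-source URIs, if the directive requires any. May be <c>null</c>.</param>
/// <param name="reportOnly">
/// When <c>true</c> (the default) the policy is emitted as Content-Security-Policy-Report-Only,
/// which browsers do NOT enforce. Pass <c>false</c> explicitly to emit an enforcing policy.
/// </param>
/// <returns>This builder, for call chaining.</returns>
/// <exception cref="ReportUriMissingException">
/// Thrown when <paramref name="reportOnly"/> is <c>true</c> and no report URI has been configured;
/// a report-only policy with nowhere to report would be a silent no-op.
/// </exception>
public SecurityHeadersBuilder AddContentSecurityPolicy(
    CommonPolicyDirective.Directive directive,
    ContentSecurityPolicyConstants.FetchDirectives fetchDirective,
    CommonPolicySchemeSource.SchemeSources schemeSources,
    IList<Uri> hostSources = null,
    bool reportOnly = true)
{
    if (reportOnly && _reportUri == null)
    {
        throw new ReportUriMissingException();
    }

    // Every fetch directive this builder knows about; one registration per selected flag.
    ContentSecurityPolicyConstants.FetchDirectives[] knownFetchDirectives =
    {
        ContentSecurityPolicyConstants.FetchDirectives.ChildSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FontSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FrameSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ImgSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc,
        ContentSecurityPolicyConstants.FetchDirectives.MediaSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem,
        ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc,
    };

    foreach (ContentSecurityPolicyConstants.FetchDirectives candidate in knownFetchDirectives)
    {
        if (fetchDirective.HasFlag(candidate))
        {
            // TryAdd semantics (if _directives is a standard dictionary): the first directive
            // registered for a given fetch directive wins and later registrations for the same
            // key are silently ignored rather than replacing it. Callers that intend to tighten
            // an already-registered directive will not see their change applied.
            _directives.TryAdd(candidate, directive);
        }
    }

    // The header value is built only from this call's host and scheme sources (plus the
    // report URI); SchemeSourceToString returns a space-prefixed fragment or null.
    string header = ContentSecurityToString(hostSources);
    header += SchemeSourceToString(schemeSources);
    if (_reportUri != null)
    {
        // report-uri is appended for enforcing policies too whenever a report URI is configured.
        header += "; " + CommonPolicyDirective.ReportUri + " " + _reportUri.AbsoluteUri;
    }

    // Indexer assignment: each call replaces any CSP header of the same kind set by an earlier call.
    var headerName = reportOnly
        ? ContentSecurityPolicyConstants.HeaderReportOnly
        : ContentSecurityPolicyConstants.Header;
    _policy.SetHeaders[headerName] = header;

    return this;
}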