/// <summary>
/// Maps a single <see cref="ContentSecurityPolicyConstants.FetchDirectives"/> member to the
/// directive-name constant of the same name that is in scope here (presumably the token
/// written into the Content Security Policy header; confirm against the constant definitions).
/// </summary>
/// <param name="directive">The fetch directive to convert.</param>
/// <returns>
/// The constant matching <paramref name="directive"/>, or <c>DefaultSrc</c> when no arm matches.
/// </returns>
/// <remarks>
/// NOTE(review): any value without its own arm, including a combination of several members,
/// falls back to <c>DefaultSrc</c> without signalling it. A caller that passes a combined value
/// would therefore emit a default-src rule instead of the rules it asked for; callers should
/// pass one member at a time.
/// </remarks>
public static string ToFormatedString(this ContentSecurityPolicyConstants.FetchDirectives directive) =>
    directive switch
    {
        ContentSecurityPolicyConstants.FetchDirectives.ChildSrc => ChildSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc => ConnectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc => DefaultSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FontSrc => FontSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FrameSrc => FrameSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ImgSrc => ImgSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc => ManifestSrc,
        ContentSecurityPolicyConstants.FetchDirectives.MediaSrc => MediaSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc => ObjectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc => PrefetchSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc => ScriptSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem => ScriptSrcElem,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr => ScriptSrcAttr,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrc => StyleSrc,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrcElem => StyleSrcElem,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrcAttr => StyleSrcAttr,
        ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc => WorkerSrc,
        // Fallback for values that have no arm of their own.
        _ => DefaultSrc,
    };
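/// <summary>
/// Registers <paramref name="directive"/> for every fetch directive flagged in
/// <paramref name="fetchDirective"/>, then builds the Content Security Policy header value
/// and stores it on the policy.
/// </summary>
/// <remarks>
/// <paramref name="reportOnly"/> defaults to <c>true</c>, so unless the caller passes
/// <c>reportOnly: false</c> the value is stored under
/// <see cref="ContentSecurityPolicyConstants.HeaderReportOnly"/> and the rules only generate
/// reports; they are stored under <see cref="ContentSecurityPolicyConstants.Header"/> only when
/// <paramref name="reportOnly"/> is <c>false</c>.
/// </remarks>
/// <param name="directive">Directive to apply.</param>
/// <param name="fetchDirective">Content security fetch directive(s) the directive applies to.</param>
/// <param name="schemeSources">Authorized scheme sources.</param>
/// <param name="hostSources">List of URIs if the directive requires one; may be <c>null</c>.</param>
/// <param name="reportOnly">Indicates whether the rules are only there to generate a report.</param>
/// <returns>This builder, so that calls can be chained.</returns>
/// <exception cref="ReportUriMissingException">
/// <paramref name="reportOnly"/> is <c>true</c> and no report URI has been configured.
/// </exception>
public SecurityHeadersBuilder AddContentSecurityPolicy(CommonPolicyDirective.Directive directive, ContentSecurityPolicyConstants.FetchDirectives fetchDirective, CommonPolicySchemeSource.SchemeSources schemeSources, IList<Uri> hostSources = null, bool reportOnly = true)
{
    // A report-only policy has nowhere to send its reports without a report URI.
    if (reportOnly && _reportUri == null)
    {
        throw new ReportUriMissingException();
    }

    // Every fetch directive that can be registered, tested in this order. The style-src
    // family is included so that a requested style restriction is not silently dropped.
    ContentSecurityPolicyConstants.FetchDirectives[] registrable =
    {
        ContentSecurityPolicyConstants.FetchDirectives.ChildSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FontSrc,
        ContentSecurityPolicyConstants.FetchDirectives.FrameSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ImgSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc,
        ContentSecurityPolicyConstants.FetchDirectives.MediaSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc,
        ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr,
        ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrc,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrcAttr,
        ContentSecurityPolicyConstants.FetchDirectives.StyleSrcElem,
        ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc,
    };

    foreach (ContentSecurityPolicyConstants.FetchDirectives candidate in registrable)
    {
        if (fetchDirective.HasFlag(candidate))
        {
            // The TryAdd result is ignored; presumably an entry already registered for this
            // fetch directive is kept as-is (confirm against the type of _directives).
            _directives.TryAdd(candidate, directive);
        }
    }

    // hostSources is passed through unchanged and may be null; ContentSecurityToString is
    // not visible here, so its null handling should be confirmed.
    string header = ContentSecurityToString(hostSources);
    header += SchemeSourceToString(schemeSources);

    if (_reportUri != null)
    {
        header += "; " + CommonPolicyDirective.ReportUri + " " + _reportUri.AbsoluteUri;
    }

    // Report-only and enforced policies are stored under different header keys.
    string headerName = reportOnly
        ? ContentSecurityPolicyConstants.HeaderReportOnly
        : ContentSecurityPolicyConstants.Header;
    _policy.SetHeaders[headerName] = header;

    return this;
}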