public static string ToFormatedString(this ContentSecurityPolicyConstants.FetchDirectives directive)
{
return(directive switch
{
ContentSecurityPolicyConstants.FetchDirectives.ChildSrc => ChildSrc,
ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc => ConnectSrc,
ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc => DefaultSrc,
ContentSecurityPolicyConstants.FetchDirectives.FontSrc => FontSrc,
ContentSecurityPolicyConstants.FetchDirectives.FrameSrc => FrameSrc,
ContentSecurityPolicyConstants.FetchDirectives.ImgSrc => ImgSrc,
ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc => ManifestSrc,
ContentSecurityPolicyConstants.FetchDirectives.MediaSrc => MediaSrc,
ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc => ObjectSrc,
ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc => PrefetchSrc,
ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc => ScriptSrc,
ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem => ScriptSrcElem,
ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr => ScriptSrcAttr,
ContentSecurityPolicyConstants.FetchDirectives.StyleSrc => StyleSrc,
ContentSecurityPolicyConstants.FetchDirectives.StyleSrcElem => StyleSrcElem,
ContentSecurityPolicyConstants.FetchDirectives.StyleSrcAttr => StyleSrcAttr,
ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc => WorkerSrc,
_ => DefaultSrc
});
/// <summary>
/// Adds a list of content security to which the provided directive is applied.
/// </summary>
/// <param name="directive">Directive to apply.</param>
/// <param name="fetchDirective">Content security fetch directive.</param>
/// <param name="hostSources">List of uri if the directive requires one.</param>
/// <param name="schemeSources">List of scheme source authorized.</param>
/// <param name="reportOnly">Indicates whether the rules are only there to generate a report.</param>
/// <returns></returns>
public SecurityHeadersBuilder AddContentSecurityPolicy(CommonPolicyDirective.Directive directive, ContentSecurityPolicyConstants.FetchDirectives fetchDirective, CommonPolicySchemeSource.SchemeSources schemeSources, IList <Uri> hostSources = null, bool reportOnly = true)
{
if (reportOnly && _reportUri == null)
{
throw new ReportUriMissingException();
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ChildSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ChildSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.FontSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.FontSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.FrameSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.FrameSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ImgSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ImgSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.MediaSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.MediaSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc, directive);
}
string header = ContentSecurityToString(hostSources);
header += SchemeSourceToString(schemeSources);
if (_reportUri != null)
{
header += "; " + CommonPolicyDirective.ReportUri + " " + _reportUri.AbsoluteUri;
}
if (reportOnly)
{
_policy.SetHeaders[ContentSecurityPolicyConstants.HeaderReportOnly] = header;
}
else
{
_policy.SetHeaders[ContentSecurityPolicyConstants.Header] = header;
}
return(this);
}
