/// <summary>
/// Adds the Frame-Options and X-Frame-Options headers to responses with content type text/html.
/// </summary>
/// <param name="app"></param>
/// <param name="policy"></param>
public static void UseFrameOptions(this IApplicationBuilder app, FrameOptionsPolicy policy = FrameOptionsPolicy.Deny)
{
if (policy == FrameOptionsPolicy.AllowFrom)
{
throw new ArgumentException("This overload can't be used to configure ALLOW-FROM policy.", nameof(policy));
}
app.UseFrameOptions(new FrameOptionsOptions(policy));
}
public FrameOptionsDirective(FrameOptionsPolicy policy = FrameOptionsPolicy.Deny)
{
this.Policy = policy;
}
public static IServiceCollection AddFrameOptions(this IServiceCollection services, FrameOptionsPolicy policy = FrameOptionsPolicy.Deny)
{
if (policy == FrameOptionsPolicy.AllowFrom)
{
throw new ArgumentException("This overload can't be used to configure ALLOW-FROM policy.", nameof(policy));
}
return(services.AddFrameOptions(new FrameOptionsDirective(policy)));
}
public FrameOptionsAttribute(FrameOptionsPolicy policy)
{
Policy = policy;
}
public FrameOptionsOptions(FrameOptionsPolicy policy = FrameOptionsPolicy.Deny)
{
this.Policy = policy;
}
public static void SetFrameOptions(this HttpContext context, FrameOptionsPolicy policy)
{
context.Items[nameof(FrameOptionsPolicy)] = policy;
}
