        /// <summary>
        /// Applies the configured <c>script-src</c> directive to <paramref name="configurer"/>.
        /// A disabled directive leaves the builder untouched.
        /// </summary>
        /// <param name="configurer">The fluent CSP builder being extended.</param>
        /// <param name="cspDirective">Script directive settings read from configuration.</param>
        /// <returns><paramref name="configurer"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        private static IFluentCspOptions UseCspScripts(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirectiveScripts cspDirective)
        {
            if (configurer is null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            if (cspDirective is null)
            {
                throw new ArgumentNullException(nameof(cspDirective));
            }

            // Nothing to emit when the directive is switched off in configuration.
            if (!cspDirective.IsEnabled)
            {
                return configurer;
            }

            configurer.ScriptSources(scripts =>
            {
                // 'none' is exclusive: no other source expression is added beside it.
                if (cspDirective.IsNone)
                {
                    scripts.None();
                    return;
                }

                if (cspDirective.IsSelf)
                {
                    scripts.Self();
                }

                // NOTE(review): the unsafe-* options relax script-src considerably against
                // injected scripts; nonces or hashes are the usual replacement where feasible.
                if (cspDirective.IsUnsafeEval)
                {
                    scripts.UnsafeEval();
                }

                if (cspDirective.IsUnsafeInline)
                {
                    scripts.UnsafeInline();
                }

                if (cspDirective.StrictDynamic)
                {
                    scripts.StrictDynamic();
                }

                // Explicit host/scheme sources are only forwarded when some were configured.
                if (cspDirective.Sources.Any())
                {
                    scripts.CustomSources(cspDirective.Sources);
                }
            });

            return configurer;
        }
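        /// <summary>
        /// Applies the configured <c>plugin-types</c> directive to <paramref name="configurer"/>.
        /// An empty list leaves the builder untouched.
        /// </summary>
        /// <param name="configurer">The fluent CSP builder being extended.</param>
        /// <param name="pluginTypes">Media types to allow for plugins; must not be <c>null</c>.</param>
        /// <returns><paramref name="configurer"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        private static IFluentCspOptions UseCspPluginTypes(this IFluentCspOptions configurer, string[] pluginTypes)
        {
            if (configurer == null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            // Guard explicitly, matching the other UseCsp* helpers: previously a null array
            // surfaced as an ArgumentNullException raised inside LINQ with the name "source".
            if (pluginTypes == null)
            {
                throw new ArgumentNullException(nameof(pluginTypes));
            }

            if (pluginTypes.Length == 0)
            {
                return configurer;
            }

            configurer.PluginTypes(x => x.MediaTypes(pluginTypes));

            return configurer;
        }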
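        /// <summary>
        /// Applies the configured <c>report-uri</c> directive to <paramref name="configurer"/>.
        /// An empty list leaves the builder untouched.
        /// </summary>
        /// <param name="configurer">The fluent CSP builder being extended.</param>
        /// <param name="reportUris">Endpoints that receive violation reports; must not be <c>null</c>.</param>
        /// <returns><paramref name="configurer"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        private static IFluentCspOptions UseCspReportUris(this IFluentCspOptions configurer, string[] reportUris)
        {
            if (configurer == null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            // Guard explicitly, matching the other UseCsp* helpers: previously a null array
            // surfaced as an ArgumentNullException raised inside LINQ with the name "source".
            if (reportUris == null)
            {
                throw new ArgumentNullException(nameof(reportUris));
            }

            if (reportUris.Length == 0)
            {
                return configurer;
            }

            // report-uri is deprecated in CSP Level 3 in favour of report-to, but it is still
            // the directive browsers most widely honour for violation reporting.
            configurer.ReportUris(x => x.Uris(reportUris));

            return configurer;
        }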
    /// <summary>
    /// Builds the site's Content-Security-Policy. default-src is 'none', so every directive
    /// below explicitly allows only the origins the pages load from, and violations are
    /// sent to the configured report-uri endpoint.
    /// </summary>
    /// <param name="csp">The fluent CSP builder supplied by the middleware.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        var fontSources = new[] { "https://fonts.gstatic.com" };

        var imageSources = new[] { "data:" };

        var reportUris = new[] { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

        var scriptSources = new[]
        {
            "https://cdn.jsdelivr.net",
            "https://stackpath.bootstrapcdn.com"
        };

        var styleSources = new[] { "https://fonts.googleapis.com" };

        csp
            .DefaultSources(defaults => defaults.None())
            .FontSources(fonts => fonts.CustomSources(fontSources))
            .ImageSources(images =>
            {
                images.Self();
                images.CustomSources(imageSources);
            })
            .ManifestSources(manifests => manifests.Self())
            .ObjectSources(objects => objects.None())
            .ReportUris(reports => reports.Uris(reportUris))
            .ScriptSources(scripts =>
            {
                scripts.Self();
                // 'unsafe-inline' is kept because IdentityServer's pages need it (original
                // note). It weakens script-src against injected scripts, so nonces or hashes
                // would be preferable wherever those pages allow it.
                scripts.UnsafeInline();
                scripts.CustomSources(scriptSources);
            })
            .StyleSources(styles =>
            {
                styles.Self();
                styles.UnsafeInline();
                styles.CustomSources(styleSources);
            });
    }
        /// <summary>
        /// Applies the configured <c>object-src</c> directive to <paramref name="configurer"/>.
        /// A disabled directive leaves the builder untouched.
        /// </summary>
        /// <param name="configurer">The fluent CSP builder being extended.</param>
        /// <param name="cspDirective">Object directive settings read from configuration.</param>
        /// <returns><paramref name="configurer"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        private static IFluentCspOptions UseCspObjects(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirective cspDirective)
        {
            if (configurer is null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            if (cspDirective is null)
            {
                throw new ArgumentNullException(nameof(cspDirective));
            }

            // Nothing to emit when the directive is switched off in configuration.
            if (!cspDirective.IsEnabled)
            {
                return configurer;
            }

            configurer.ObjectSources(objects =>
            {
                // 'none' is exclusive (and the usual hardening choice for object-src, since
                // it blocks plugin content entirely); no other source is added beside it.
                if (cspDirective.IsNone)
                {
                    objects.None();
                    return;
                }

                if (cspDirective.IsSelf)
                {
                    objects.Self();
                }

                // Explicit host/scheme sources are only forwarded when some were configured.
                if (cspDirective.Sources.Any())
                {
                    objects.CustomSources(cspDirective.Sources);
                }
            });

            return configurer;
        }
    /// <summary>
    /// Builds the site's Content-Security-Policy. default-src is 'none', so every directive
    /// below explicitly allows only the origins the pages load from.
    /// </summary>
    /// <param name="csp">The fluent CSP builder supplied by the middleware.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        var fontSources = new[] { "https://fonts.gstatic.com" };

        var imageSources = new[] { "data:" };

        var scriptSources = new[] { "https://cdn.jsdelivr.net" };

        var styleSources = new[] { "https://fonts.googleapis.com" };

        var workerSources = new[] { "blob:" };

        csp
            .DefaultSources(defaults => defaults.None())
            .BaseUris(bases => bases.Self())
            .ConnectSources(connections => connections.Self())
            .FontSources(fonts => fonts.CustomSources(fontSources))
            .ImageSources(images => images.CustomSources(imageSources))
            .ScriptSources(scripts =>
            {
                // NOTE(review): script-src lists 'unsafe-inline' and the CDN but not 'self';
                // 'unsafe-inline' weakens protection against injected scripts, so nonces or
                // hashes would be preferable if the pages can be adapted.
                scripts.UnsafeInline();
                scripts.CustomSources(scriptSources);
            })
            .StyleSources(styles =>
            {
                styles.UnsafeInline();
                styles.CustomSources(styleSources);
            })
            .WorkerSources(workers => workers.CustomSources(workerSources));
    }
    /// <summary>
    /// Builds the site's Content-Security-Policy. default-src is 'none', so every directive
    /// below explicitly allows only the origins the pages load from (Google Maps/Analytics,
    /// the CDNs serving Bootstrap, and AccuWeather). Violations are sent to report-uri.
    /// </summary>
    /// <param name="csp">The fluent CSP builder supplied by the middleware.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        // https://developers.google.com/maps/documentation/javascript/content-security-policy
        var connectSources = new[]
        {
            "https://*.googleapis.com",
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.google-analytics.com"
        };

        var fontSources = new[]
        {
            "https://fonts.gstatic.com",
            "https://cdnjs.cloudflare.com"
        };

        var frameSources = new[] { "https://*.google.com" };

        var imageSources = new[]
        {
            "data:",
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.googleapis.com",
            "https://*.googleusercontent.com",
            "https://*.google-analytics.com",
            "https://vortex.accuweather.com"
        };

        var reportUris = new[] { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

        // NOTE(review): wildcard hosts in script-src are broad allow-lists; keep them as
        // narrow as the Maps/Analytics scripts permit.
        var scriptSources = new[]
        {
            // bootstrap
            "https://cdn.jsdelivr.net",
            "https://cdnjs.cloudflare.com",
            "https://stackpath.bootstrapcdn.com",
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.googleapis.com",
            "https://*.google-analytics.com",
            "https://*.ggpht.com",
            "https://*.googleusercontent.com",
            "https://www.googletagmanager.com",
            "https://www.accuweather.com",
            "https://oap.accuweather.com",
            "https://vortex.accuweather.com"
        };

        var styleSources = new[]
        {
            "https://cdnjs.cloudflare.com",
            "https://fonts.googleapis.com",
            "https://vortex.accuweather.com"
        };

        csp
            .DefaultSources(defaults => defaults.None())
            .BaseUris(bases => bases.Self())
            .ConnectSources(connections =>
            {
                connections.Self();
                connections.CustomSources(connectSources);
            })
            .FontSources(fonts => fonts.CustomSources(fontSources))
            .FrameSources(frames => frames.CustomSources(frameSources))
            .ImageSources(images =>
            {
                images.Self();
                images.CustomSources(imageSources);
            })
            .ManifestSources(manifests => manifests.Self())
            .MediaSources(media => media.Self())
            .ObjectSources(objects => objects.None())
            .ReportUris(reports => reports.Uris(reportUris))
            .ScriptSources(scripts =>
            {
                scripts.Self();
                // 'unsafe-inline' weakens script-src against injected scripts; nonces or
                // hashes would be preferable if the inline scripts can be adapted.
                scripts.UnsafeInline();
                scripts.CustomSources(scriptSources);
            })
            .StyleSources(styles =>
            {
                styles.Self();
                styles.UnsafeInline();
                styles.CustomSources(styleSources);
            });
    }
        /// <summary>
        /// Applies the configured <c>sandbox</c> directive to <paramref name="configurer"/>.
        /// A disabled directive leaves the builder untouched.
        /// </summary>
        /// <param name="configurer">The fluent CSP builder being extended.</param>
        /// <param name="cspDirectiveSandbox">Sandbox directive settings read from configuration.</param>
        /// <returns><paramref name="configurer"/>, for chaining.</returns>
        /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
        private static IFluentCspOptions UseCspSandbox(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirectiveSandbox cspDirectiveSandbox)
        {
            if (configurer is null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            if (cspDirectiveSandbox is null)
            {
                throw new ArgumentNullException(nameof(cspDirectiveSandbox));
            }

            // Nothing to emit when the directive is switched off in configuration.
            if (!cspDirectiveSandbox.IsEnabled)
            {
                return configurer;
            }

            configurer.Sandbox(sandbox =>
            {
                // Runs one fluent call when its configuration flag is set. The flags are
                // applied in the same order as before; each allow-* option lifts one of
                // the restrictions a bare sandbox imposes.
                void Allow(bool enabled, Action apply)
                {
                    if (enabled)
                    {
                        apply();
                    }
                }

                Allow(cspDirectiveSandbox.AllowForms, () => sandbox.AllowForms());
                Allow(cspDirectiveSandbox.AllowModals, () => sandbox.AllowModals());
                Allow(cspDirectiveSandbox.AllowOrientationLock, () => sandbox.AllowOrientationLock());
                Allow(cspDirectiveSandbox.AllowPointerLock, () => sandbox.AllowPointerLock());
                Allow(cspDirectiveSandbox.AllowPopups, () => sandbox.AllowPopups());
                Allow(cspDirectiveSandbox.AllowPopupsToEscapeSandbox, () => sandbox.AllowPopupsToEscapeSandbox());
                Allow(cspDirectiveSandbox.AllowPresentation, () => sandbox.AllowPresentation());
                // allow-same-origin together with allow-scripts effectively undoes the
                // sandbox for same-origin content; worth a second look when both are set.
                Allow(cspDirectiveSandbox.AllowSameOrigin, () => sandbox.AllowSameOrigin());
                Allow(cspDirectiveSandbox.AllowScripts, () => sandbox.AllowScripts());
                Allow(cspDirectiveSandbox.AllowTopNavigation, () => sandbox.AllowTopNavigation());
            });

            return configurer;
        }