void AppBeginRequest(object sender, EventArgs e)
        {
            // Per-request entry point: optionally upgrades an insecure request, applies the
            // configured site-wide headers, and serves the built-in CSP report endpoint.
            var application = (HttpApplication)sender;
            var httpContext = new HttpContextWrapper(application.Context);

            // The upgrade is only attempted for user agents that the helper reports as supporting it.
            // When the helper says the request was upgraded, nothing further is done for it here.
            if (_cspUpgradeRequestHelper.UaSupportsUpgradeInsecureRequests(httpContext.Request))
            {
                if (_cspUpgradeRequestHelper.TryUpgradeInsecureRequest(httpContext))
                {
                    return;
                }
            }

            _configHeaderSetter.SetSitewideHeadersFromConfig(httpContext);

            if (_cspReportHelper.IsRequestForBuiltInCspReportHandler(httpContext.Request))
            {
                CspViolationReport parsedReport;
                var parsed = _cspReportHelper.TryGetCspReportFromRequest(httpContext.Request, out parsedReport);

                if (!parsed)
                {
                    // The request did not yield a report: answer 400 and end the request.
                    httpContext.Response.StatusCode = 400;
                    application.CompleteRequest();
                    return;
                }

                // The report is built from the incoming request, so subscribers receive
                // client-supplied values and should treat every field as untrusted input.
                OnCspViolationReport(new CspViolationReportEventArgs { ViolationReport = parsedReport });

                // 204: the report was accepted and there is no response body.
                httpContext.Response.StatusCode = 204;
                application.CompleteRequest();
            }
        }
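 /// <summary>
 /// Raises the <c>CspViolationReported</c> event for a received CSP violation report.
 /// </summary>
 /// <param name="e">The event data carrying the violation report.</param>
 protected virtual void OnCspViolationReport(CspViolationReportEventArgs e)
 {
     // Read the delegate once. Checking the event and then invoking it as two separate reads
     // can throw a NullReferenceException if the last subscriber detaches in between, which
     // matters when this is raised from concurrently processed requests.
     var handler = CspViolationReported;
     if (handler != null)
     {
         handler(this, e);
     }
 }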
Ejemplo n.º 3
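 /// <summary>
 /// Handles the Content Security Policy (CSP) violation errors by logging them. For more information see FilterConfig.
 /// </summary>
 /// <remarks>
 /// Each report field is written on its own line of the log message. NOTE(review): the report
 /// presumably originates from a client-submitted request, so its values are treated as untrusted:
 /// carriage returns and line feeds inside a value are escaped so that a value cannot add forged
 /// lines to the log entry.
 /// </remarks>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
 protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Log the Content Security Policy (CSP) violation.
     CspViolationReport violationReport = e.ViolationReport;
     CspReportDetails reportDetails = violationReport.Details;

     // The "\r\n" separators below are the only real line breaks in the message; every
     // interpolated value passes through EscapeLineBreaks first.
     string violationReportString =
         $"UserAgent:<{EscapeLineBreaks(violationReport.UserAgent)}>\r\nBlockedUri:<{EscapeLineBreaks(reportDetails.BlockedUri)}>\r\nColumnNumber:<{EscapeLineBreaks(reportDetails.ColumnNumber)}>\r\nDocumentUri:<{EscapeLineBreaks(reportDetails.DocumentUri)}>\r\nEffectiveDirective:<{EscapeLineBreaks(reportDetails.EffectiveDirective)}>\r\nLineNumber:<{EscapeLineBreaks(reportDetails.LineNumber)}>\r\nOriginalPolicy:<{EscapeLineBreaks(reportDetails.OriginalPolicy)}>\r\nReferrer:<{EscapeLineBreaks(reportDetails.Referrer)}>\r\nScriptSample:<{EscapeLineBreaks(reportDetails.ScriptSample)}>\r\nSourceFile:<{EscapeLineBreaks(reportDetails.SourceFile)}>\r\nStatusCode:<{EscapeLineBreaks(reportDetails.StatusCode)}>\r\nViolatedDirective:<{EscapeLineBreaks(reportDetails.ViolatedDirective)}>";
     CspViolationException exception = new CspViolationException(violationReportString);
     DependencyResolver.Current.GetService<ILoggingService>().Log(exception);
 }

 /// <summary>
 /// Formats a report value for the log message with CR and LF replaced by the visible
 /// sequences <c>\r</c> and <c>\n</c>.
 /// </summary>
 /// <param name="value">The report value; may be null.</param>
 /// <returns>The formatted value on a single line; an empty string when <paramref name="value"/> is null.</returns>
 private static string EscapeLineBreaks(object value)
 {
     // Interpolation renders null as "" and formats other values the same way the message
     // did when the values were interpolated directly, so benign reports log unchanged.
     return $"{value}".Replace("\r", "\\r").Replace("\n", "\\n");
 }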
Ejemplo n.º 4
 /// <summary>
 /// Receives a CSP violation report event. The report is read from the event data and not used further.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The event data carrying the violation report.</param>
 protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Nothing is logged or forwarded here; the local only holds the report.
     var violation = e.ViolationReport;
 }
Ejemplo n.º 5
 /// <summary>
 /// Logs a reported Content Security Policy (CSP) violation. For more information see FilterConfig.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the report presumably originates from a client-submitted request; confirm that
 /// <c>CspViolationException</c> and the logging service treat its fields as untrusted when rendering them.
 /// </remarks>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
 protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Wrap the report in an exception so it can go through the logging service.
     var violation = new CspViolationException(e.ViolationReport);

     // The logger is resolved per call from the current dependency resolver.
     var logger = DependencyResolver.Current.GetService<ILoggingService>();
     logger.Log(violation);
 }