private SecurityHeadersPolicyBuilder WithCsp(bool reportOnly, ContentSecurityPolicyHeaderValue csp)
{
_policy.Csp = csp;
_policy.IsCspReportOnly = reportOnly;
return(this);
}
public ContentSecurityPolicyInlineExecutionFeature(ContentSecurityPolicyHeaderValue csp, ConcurrentDictionary <string, string> hashesCache)
{
if (csp == null)
{
throw new ArgumentNullException(nameof(csp));
}
_hashesCache = hashesCache ?? throw new ArgumentNullException(nameof(hashesCache));
ScriptInlineExecution = csp.ScriptInlineExecution;
StyleInlineExecution = csp.StyleInlineExecution;
if ((ScriptInlineExecution == ContentSecurityPolicyInlineExecution.Nonce) || (StyleInlineExecution == ContentSecurityPolicyInlineExecution.Nonce))
{
Nonce = GenerateNonce();
}
if (ScriptInlineExecution.IsHashBased())
{
ScriptsHashes = new List <string>();
}
if (StyleInlineExecution.IsHashBased())
{
StylesHashes = new List <string>();
}
}
/// <summary>
/// Adds the Content Security Policy to the policy.
/// </summary>
/// <param name="csp">The Content Security Policy.</param>
/// <returns>The current policy builder.</returns>
public SecurityHeadersPolicyBuilder WithCsp(ContentSecurityPolicyHeaderValue csp)
{
return(WithCsp(false, csp));
}
/// <summary>
/// Adds the report only Content Security Policy to the policy.
/// </summary>
/// <param name="csp">The Content Security Policy.</param>
/// <returns>The current policy builder.</returns>
public SecurityHeadersPolicyBuilder WithReportOnlyCsp(ContentSecurityPolicyHeaderValue csp)
{
return(WithCsp(true, csp));
}
