/// <summary>
/// Adds the Frame-Options and X-Frame-Options headers to responses with content type text/html.
/// </summary>
/// <param name="app"></param>
/// <param name="configure"></param>
public static void UseFrameOptions(this IApplicationBuilder app, Action <FrameOptionsOptions> configure)
{
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
FrameOptionsOptions options = new FrameOptionsOptions();
configure(options);
app.UseFrameOptions(options);
}
public void Called_DenyOptionSet()
{
//Arrange
FrameOptionsOptionsBuilder builder = new FrameOptionsOptionsBuilder();
//Act
builder.Deny();
//Assert
FrameOptionsOptions result = builder.Build();
Assert.Equal(FrameOption.Deny, result.Option);
}
public void Called_SameOriginOptionSet()
{
//Arrange
FrameOptionsOptionsBuilder builder = new FrameOptionsOptionsBuilder();
//Act
builder.SameOrigin();
//Assert
FrameOptionsOptions result = builder.Build();
Assert.Equal(FrameOption.SameOrigin, result.Option);
}
public void Called_DomainOptionSet()
{
//Arrange
FrameOptionsOptionsBuilder builder = new FrameOptionsOptionsBuilder();
string domain = "example.com";
//Act
builder.AllowFrom(domain);
//Assert
FrameOptionsOptions result = builder.Build();
Assert.Equal(FrameOption.AllowFromDomain, result.Option);
Assert.Equal(domain, result.AllowedDomain);
}
public FrameOptionsMiddleware(RequestDelegate next, FrameOptionsOptions options)
{
_next = next;
Options = options ?? throw new ArgumentNullException(nameof(options));
_headerValue = Options.ToString();
}
/// <summary>
/// Adds the Frame-Options and X-Frame-Options headers to responses with content type text/html.
/// </summary>
/// <param name="app"></param>
/// <param name="options"></param>
public static void UseFrameOptions(this IApplicationBuilder app, FrameOptionsOptions options)
{
app.UseMiddleware <FrameOptionsMiddleware>(options);
}