/// <summary>
/// Appends a policy to the list of registered content security policies.
/// The list is allocated the first time this method is called.
/// </summary>
/// <param name="policy">Policy to register. It is stored exactly as passed in.</param>
public void AddContentSecurityPolicy(IContentSecurityPolicy policy)
{
    // NOTE(review): policy is not checked for null, so a null entry can end up
    // in the list; confirm that whatever iterates the list tolerates that.
    var enforcers = _contentSecurityEnforcers
        ?? (_contentSecurityEnforcers = new List<IContentSecurityPolicy>());

    enforcers.Add(policy);
}
 /// <summary>
 /// Serializes the policy once and passes it to BuildCSP for each of the two
 /// report-only header names. Does nothing when no policy is supplied.
 /// </summary>
 /// <param name="policy">Policy to emit; may be null.</param>
 /// <param name="args">Pipeline arguments forwarded unchanged to BuildCSP.</param>
 private void CreateReportCSP(IContentSecurityPolicy policy, HttpRequestArgs args)
 {
     if (policy == null)
     {
         return;
     }

     // NOTE(review): the constants presumably hold the Content-Security-Policy-Report-Only
     // name and its legacy X- prefixed variant (confirm against their definitions).
     // Report-only headers make the browser report violations without blocking them,
     // so this method on its own does not enforce the policy.
     var serializedPolicy = policy.ToString();
     var reportOnlyHeaders = new[]
     {
         ContentSecurityPolicyHeaderReportOnly,
         XContentSecurityPolicyHeaderReportOnly
     };

     foreach (var headerName in reportOnlyHeaders)
     {
         BuildCSP(serializedPolicy, headerName, args);
     }
 }
        /// <summary>
        /// Reads the lookup field identified by <paramref name="fieldId"/> on the item
        /// and maps the item it points to into a policy object.
        /// </summary>
        /// <param name="currentItem">Item whose field references the policy item.</param>
        /// <param name="fieldId">Identifier of the lookup field to read.</param>
        /// <returns>The mapped policy, or null when the field cannot be resolved.</returns>
        private IContentSecurityPolicy CreatePolicy(Item currentItem, string fieldId)
        {
            // NOTE(review): currentItem is dereferenced without a null check, and
            // TargetItem is handed to Map even when it is null. An unresolved field
            // yields a null policy rather than a restrictive default; confirm that
            // callers treat a null result as intended.
            var lookup = (LookupField)currentItem.Fields[fieldId];
            if (lookup == null)
            {
                return null;
            }

            var policyItem = lookup.TargetItem;
            return Map(policyItem);
        }
 /// <summary>
 /// Emits an X-Frame-Options header derived from the policy. The frame-ancestors
 /// source is preferred, then the default source; when neither is set the
 /// header is written with the value SAMEORIGIN.
 /// </summary>
 /// <param name="policy">Policy to derive the header from; may be null.</param>
 /// <param name="args">Pipeline arguments giving access to the HTTP response.</param>
 private void CreateXFrameOptions(IContentSecurityPolicy policy, HttpRequestArgs args)
 {
     // NOTE(review): with a null policy no X-Frame-Options header is written at all,
     // so the SAMEORIGIN fallback below only covers a policy that exists but has no
     // sources. Confirm that leaving the response without framing protection here is intended.
     if (policy == null)
     {
         return;
     }

     var frameAncestors = policy.FrameAncestors;
     if (frameAncestors != null)
     {
         CreateXFrameOptionsHeaderBasedOnPolicySource(frameAncestors, args);
         return;
     }

     // No frame-ancestors source: fall back to the policy's default source.
     var defaultSource = policy.Default;
     if (defaultSource != null)
     {
         CreateXFrameOptionsHeaderBasedOnPolicySource(defaultSource, args);
         return;
     }

     // Nothing configured on the policy: restrict framing to the same origin.
     // NOTE(review): Headers.Add presumably appends rather than replaces; if another
     // component also writes this header, the response may carry several values. Confirm.
     args.Context.Response.Headers.Add(XFrameOptionsHeader, "SAMEORIGIN");
 }
 /// <summary>
 /// Creates an instance bound to the given policy.
 /// </summary>
 /// <param name="policy">Policy kept in the private field for later use.</param>
 public ContentSecurityPolicyCreater(IContentSecurityPolicy policy)
 {
     // NOTE(review): the argument is stored without a null check; confirm that
     // members reading _policy handle a null value.
     _policy = policy;
 }