public ICspDirectiveConfiguration GetOverridenCspDirectiveConfig(CspDirectiveOverride directiveOverride, ICspDirectiveConfiguration directiveConfig) { if (directiveOverride.None.HasValue && (bool)directiveOverride.None) { //When 'none' is true we don't want any other sources return new CspDirectiveConfiguration { NoneSrc = true }; } var result = directiveConfig ?? new CspDirectiveConfiguration(); result.Enabled = directiveOverride.Enabled; if (directiveOverride.None.HasValue) { result.NoneSrc = (bool)directiveOverride.None; } //Keep track if other sources have been enabled, so none must be disabled. var disableNone = false; if (directiveOverride.Self.HasValue) { result.SelfSrc = (bool)directiveOverride.Self; disableNone = result.SelfSrc; } if (directiveOverride.UnsafeEval.HasValue) { result.UnsafeEvalSrc = (bool)directiveOverride.UnsafeEval; disableNone = disableNone || result.UnsafeEvalSrc; } if (directiveOverride.UnsafeInline.HasValue) { result.UnsafeInlineSrc = (bool)directiveOverride.UnsafeInline; disableNone = disableNone || result.UnsafeInlineSrc; } if (!directiveOverride.InheritOtherSources) { result.CustomSources = EmptySources; } if (directiveOverride.OtherSources != null && directiveOverride.OtherSources.Length > 0) { var newSources = new List<string>(result.CustomSources); newSources.AddRange(directiveOverride.OtherSources); result.CustomSources = newSources.Distinct(); disableNone = true; } if (disableNone) { result.NoneSrc = false; } return result; }
private List <string> GetDirectiveList(ICspDirectiveConfiguration directive) { if (directive == null || !directive.Enabled) { return(null); } var sources = new List <string>(); if (directive.NoneSrc) { sources.Add("'none'"); } if (directive.SelfSrc) { sources.Add("'self'"); } if (directive.UnsafeInlineSrc) { sources.Add("'unsafe-inline'"); } if (!String.IsNullOrEmpty(directive.Nonce)) { var nonce = $"'nonce-{directive.Nonce}'"; sources.Add(nonce); } if (directive.UnsafeEvalSrc) { sources.Add("'unsafe-eval'"); } if (directive.StrictDynamicSrc) { sources.Add("'strict-dynamic'"); } if (directive.CustomSources != null) { sources.AddRange(directive.CustomSources); } return(sources.Count > 0 ? sources : null); }
public ICspDirectiveConfiguration GetOverridenCspDirectiveConfig(CspDirectiveOverride directiveOverride, ICspDirectiveConfiguration directiveConfig) { if (directiveOverride.None.HasValue && (bool)directiveOverride.None) { //When 'none' is true we don't want any other sources return(new CspDirectiveConfiguration { NoneSrc = true }); } var result = directiveConfig ?? new CspDirectiveConfiguration(); result.Enabled = directiveOverride.Enabled; if (directiveOverride.None.HasValue) { result.NoneSrc = (bool)directiveOverride.None; } //Keep track if other sources have been enabled, so none must be disabled. var disableNone = false; if (directiveOverride.Self.HasValue) { result.SelfSrc = (bool)directiveOverride.Self; disableNone = result.SelfSrc; } if (directiveOverride.UnsafeEval.HasValue) { result.UnsafeEvalSrc = (bool)directiveOverride.UnsafeEval; disableNone = disableNone || result.UnsafeEvalSrc; } if (directiveOverride.UnsafeInline.HasValue) { result.UnsafeInlineSrc = (bool)directiveOverride.UnsafeInline; disableNone = disableNone || result.UnsafeInlineSrc; } if (!directiveOverride.InheritOtherSources) { result.CustomSources = EmptySources; } if (directiveOverride.OtherSources != null && directiveOverride.OtherSources.Length > 0) { var newSources = new List <string>(result.CustomSources); newSources.AddRange(directiveOverride.OtherSources); result.CustomSources = newSources.Distinct(); disableNone = true; } if (disableNone) { result.NoneSrc = false; } return(result); }
public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive, ICspDirectiveConfiguration directiveConfig) { switch (directive) { case CspDirectives.DefaultSrc: cspConfig.DefaultSrcDirective = directiveConfig; return; case CspDirectives.ScriptSrc: cspConfig.ScriptSrcDirective = directiveConfig; return; case CspDirectives.ObjectSrc: cspConfig.ObjectSrcDirective = directiveConfig; return; case CspDirectives.StyleSrc: cspConfig.StyleSrcDirective = directiveConfig; return; case CspDirectives.ImgSrc: cspConfig.ImgSrcDirective = directiveConfig; return; case CspDirectives.MediaSrc: cspConfig.MediaSrcDirective = directiveConfig; return; case CspDirectives.FrameSrc: cspConfig.FrameSrcDirective = directiveConfig; return; case CspDirectives.FontSrc: cspConfig.FontSrcDirective = directiveConfig; return; case CspDirectives.ConnectSrc: cspConfig.ConnectSrcDirective = directiveConfig; return; case CspDirectives.BaseUri: cspConfig.BaseUriDirective = directiveConfig; return; case CspDirectives.ChildSrc: cspConfig.ChildSrcDirective = directiveConfig; return; case CspDirectives.FormAction: cspConfig.FormActionDirective = directiveConfig; return; case CspDirectives.FrameAncestors: cspConfig.FrameAncestorsDirective = directiveConfig; return; case CspDirectives.ManifestSrc: cspConfig.ManifestSrcDirective = directiveConfig; return; case CspDirectives.WorkerSrc: cspConfig.WorkerSrcDirective = directiveConfig; return; default: throw new NotImplementedException("The mapping for " + directive + " was not implemented."); } }
public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive, ICspDirectiveConfiguration directiveConfig) { switch (directive) { case CspDirectives.DefaultSrc: cspConfig.DefaultSrcDirective = directiveConfig; return; case CspDirectives.ScriptSrc: cspConfig.ScriptSrcDirective = directiveConfig; return; case CspDirectives.ObjectSrc: cspConfig.ObjectSrcDirective = directiveConfig; return; case CspDirectives.StyleSrc: cspConfig.StyleSrcDirective = directiveConfig; return; case CspDirectives.ImgSrc: cspConfig.ImgSrcDirective = directiveConfig; return; case CspDirectives.MediaSrc: cspConfig.MediaSrcDirective = directiveConfig; return; case CspDirectives.FrameSrc: cspConfig.FrameSrcDirective = directiveConfig; return; case CspDirectives.FontSrc: cspConfig.FontSrcDirective = directiveConfig; return; case CspDirectives.ConnectSrc: cspConfig.ConnectSrcDirective = directiveConfig; return; case CspDirectives.BaseUri: cspConfig.BaseUriDirective = directiveConfig; return; case CspDirectives.ChildSrc: cspConfig.ChildSrcDirective = directiveConfig; return; case CspDirectives.FormAction: cspConfig.FormActionDirective = directiveConfig; return; case CspDirectives.FrameAncestors: cspConfig.FrameAncestorsDirective = directiveConfig; return; default: throw new NotImplementedException("The mapping for " + directive + " was not implemented."); } }
private List<string> GetDirectiveList(ICspDirectiveConfiguration directive) { if (directive == null || !directive.Enabled) return null; var sources = new List<string>(); if (directive.NoneSrc) { sources.Add("'none'"); } if (directive.SelfSrc) { sources.Add("'self'"); } if (directive.UnsafeInlineSrc) { sources.Add("'unsafe-inline'"); } if (!string.IsNullOrEmpty(directive.Nonce)) { var nonce = "'nonce-" + directive.Nonce + "'"; sources.Add(nonce); } if (directive.UnsafeEvalSrc) { sources.Add("'unsafe-eval'"); } if (directive.CustomSources != null) { sources.AddRange(directive.CustomSources); } return sources.Count > 0 ? sources : null; }