/// <summary>
/// Builds the source expressions for this directive: whatever the base implementation
/// returns, followed by the optional nonce source and the 'unsafe-eval', 'unsafe-inline'
/// and 'strict-dynamic' keywords, in that order.
/// </summary>
/// <param name="nonceService">Nonce provider; must be non-null when <c>AddNonce</c> is set.</param>
/// <returns>The collection obtained from the base implementation, with this directive's additions appended.</returns>
/// <exception cref="ArgumentNullException"><c>AddNonce</c> is set and <paramref name="nonceService"/> is null.</exception>
protected override ICollection<string> GetParts(ICspNonceService nonceService)
{
    ICollection<string> sources = base.GetParts(nonceService);

    if (AddNonce)
    {
        // Surface a missing registration with an actionable message instead of a
        // NullReferenceException on the GetNonce() call below.
        if (nonceService == null)
        {
            throw new ArgumentNullException(
                nameof(nonceService),
                "Nonce service was not found, it needs to be added to the service collection");
        }

        string nonce = nonceService.GetNonce();
        sources.Add($"'nonce-{nonce}'");
    }

    // 'unsafe-eval' re-enables eval()-style string-to-code execution for this directive.
    if (AllowUnsafeEval)
    {
        sources.Add("'unsafe-eval'");
    }

    // Browsers implementing CSP Level 2 or later ignore 'unsafe-inline' when a nonce or hash
    // source is present in the same directive, so combined with AddNonce it only affects
    // older browsers.
    if (AllowUnsafeInline)
    {
        sources.Add("'unsafe-inline'");
    }

    // With 'strict-dynamic', supporting browsers extend trust to scripts loaded by an already
    // trusted script and ignore host and scheme sources, 'self' and 'unsafe-inline'.
    if (StrictDynamic)
    {
        sources.Add("'strict-dynamic'");
    }

    return sources;
}
/// <summary>
/// Builds the source list shared by all directives of this kind: either the single
/// <c>'none'</c> keyword, or the enabled wildcard/self/scheme sources followed by every
/// entry of <c>AllowedSources</c>.
/// </summary>
/// <param name="nonceService">Not used by this implementation; available to overrides.</param>
/// <returns>A new list of source expressions; empty when nothing is enabled.</returns>
protected virtual ICollection<string> GetParts(ICspNonceService nonceService)
{
    var sources = new List<string>();

    if (AllowNone)
    {
        // 'none' is emitted alone: every other setting is skipped when it is enabled.
        sources.Add("'none'");
        return sources;
    }

    if (AllowAny)
    {
        sources.Add("*");
    }

    if (AllowSelf)
    {
        sources.Add("'self'");
    }

    if (AllowOnlyHttps)
    {
        sources.Add("https:");
    }

    if (AllowDataScheme)
    {
        sources.Add("data:");
    }

    // NOTE(review): entries are copied verbatim into the header value. Nothing here rejects
    // ';', ',' or line breaks, so a malformed entry could alter the policy; presumably they
    // are validated where AllowedSources is populated - confirm.
    foreach (string configuredSource in AllowedSources)
    {
        sources.Add(configuredSource);
    }

    return sources;
}
/// <summary>
/// Renders the configured policy as a header name/value pair.
/// </summary>
/// <param name="nonceService">Nonce provider passed through to the directives that accept one.</param>
/// <returns>
/// The header name ("Content-Security-Policy" or its "-Report-Only" variant, depending on
/// <c>ReportOnly</c>) and the non-empty directives joined with ';'.
/// </returns>
public (string headerName, string headerValue) ToString(ICspNonceService nonceService)
{
    // Report-only mode reports violations without enforcing the policy.
    string headerName = ReportOnly
        ? "Content-Security-Policy-Report-Only"
        : "Content-Security-Policy";

    var directives = new List<string>
    {
        Default.ToString(nonceService),
        Script.ToString(nonceService),
        Style.ToString(nonceService),
#pragma warning disable CS0618 // Type or member is obsolete
        Child.ToString(nonceService),
#pragma warning restore CS0618 // Type or member is obsolete
        Connect.ToString(nonceService),
        Manifest.ToString(nonceService),
        Font.ToString(nonceService),
        FormAction.ToString(nonceService),
        Img.ToString(nonceService),
        Media.ToString(nonceService),
        Object.ToString(nonceService),
        FrameAncestors.ToString(),
        PluginTypes.ToString(),
        Frame.ToString(nonceService),
        Worker.ToString(nonceService),
        Prefetch.ToString(nonceService),
        BaseUri.ToString(nonceService),
        RequireSri.ToString()
    };

    // Both flag directives are pushed to the front; because each one is inserted at index 0,
    // upgrade-insecure-requests ends up ahead of block-all-mixed-content when both are set.
    if (BlockAllMixedContent)
    {
        directives.Insert(0, "block-all-mixed-content");
    }

    if (UpgradeInsecureRequests)
    {
        directives.Insert(0, "upgrade-insecure-requests");
    }

    if (EnableSandbox)
    {
        directives.Add(Sandbox.ToString());
    }

    if (ReportUri != null)
    {
        // NOTE(review): ReportUri is appended as-is; presumably it is validated where it is
        // set, since a ';' in it would start a new directive - confirm.
        directives.Add("report-uri " + ReportUri);
    }

    // Directives that rendered to an empty string are left out of the header.
    IEnumerable<string> rendered = directives.Where(directive => directive.Length > 0);
    string headerValue = string.Join(";", rendered);

    return (headerName, headerValue);
}
/// <summary>
/// Renders this directive as header text: the directive name followed by its
/// space-separated sources.
/// </summary>
/// <param name="nonceService">Nonce provider forwarded to <c>GetParts</c>.</param>
/// <returns>The rendered directive, or an empty string when there are no sources to emit.</returns>
public string ToString(ICspNonceService nonceService)
{
    ICollection<string> sources = GetParts(nonceService);

    // No separator is inserted between the name and the first source, so _directiveName
    // presumably ends with a space - confirm where it is assigned.
    return sources.Count > 0
        ? _directiveName + string.Join(" ", sources)
        : string.Empty;
}
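/// <summary>
/// Builds the source expressions for this directive: whatever the base implementation
/// returns, followed by the optional nonce source and the 'unsafe-inline' keyword.
/// </summary>
/// <param name="nonceService">Nonce provider; must be non-null when <c>AddNonce</c> is set.</param>
/// <returns>The collection obtained from the base implementation, with this directive's additions appended.</returns>
/// <exception cref="ArgumentNullException"><c>AddNonce</c> is set and <paramref name="nonceService"/> is null.</exception>
protected override ICollection<string> GetParts(ICspNonceService nonceService)
{
    ICollection<string> parts = base.GetParts(nonceService);

    if (AddNonce)
    {
        // Without this guard a missing nonce service surfaced as a bare NullReferenceException
        // from the GetNonce() call, which hides the actual cause (service not registered).
        if (nonceService == null)
        {
            throw new ArgumentNullException(
                nameof(nonceService),
                "Nonce service was not found, it needs to be added to the service collection");
        }

        parts.Add($"'nonce-{nonceService.GetNonce()}'");
    }

    // Browsers implementing CSP Level 2 or later ignore 'unsafe-inline' when a nonce or hash
    // source is present in the same directive, so combined with AddNonce it only affects
    // older browsers.
    if (AllowUnsafeInline)
    {
        parts.Add("'unsafe-inline'");
    }

    return parts;
}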
/// <summary>
/// Adds the nonce (for specific inline scripts) to the directive value.
/// </summary>
/// <param name="nonceService">Service for generating the nonce.</param>
/// <returns>This builder, so calls can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="nonceService"/> is null.</exception>
public FetchDirectiveBuilder AllowNonce(ICspNonceService nonceService)
{
    if (nonceService == null)
    {
        throw new ArgumentNullException(nameof(nonceService));
    }

    // NOTE(review): the nonce value is read here, when the builder method is called.
    // Confirm the builder runs once per response; a nonce reused across responses loses
    // its protective value.
    string nonceSource = $"'nonce-{nonceService.GetNonce()}'";

    // Avoid listing the same nonce source twice when the method is called repeatedly.
    bool alreadyListed = noncesAllowed.Contains(nonceSource);
    if (!alreadyListed)
    {
        noncesAllowed.Add(nonceSource);
    }

    return this;
}
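/// <summary>
/// Creates the tag helper and, when a request is active, looks up the CSP nonce service
/// from the request's service provider.
/// </summary>
/// <param name="service">reCAPTCHA configuration service; checked with <c>CheckArgumentNull</c>.</param>
/// <param name="contextAccessor">Accessor for the current HTTP context; checked with <c>CheckArgumentNull</c>.</param>
public RecaptchaScriptTagHelper(IRecaptchaConfigurationService service, IHttpContextAccessor contextAccessor)
{
    service.CheckArgumentNull(nameof(service));
    contextAccessor.CheckArgumentNull(nameof(contextAccessor));

    _service = service;
    _contextAccessor = contextAccessor;

    // HttpContext is null when no request is active; the original dereferenced it
    // unconditionally and failed with a NullReferenceException in that case. The nonce
    // service is optional here, so a missing context is treated like a missing service.
    var services = contextAccessor.HttpContext?.RequestServices;
    if (!(services is null))
    {
        var nonceService = services.GetService(typeof(ICspNonceService));
        if (!(nonceService is null))
        {
            // NOTE(review): 'as' yields null for any ICspNonceService implementation other
            // than CspNonceService, so a custom implementation is silently ignored and the
            // script tag would presumably be rendered without a nonce - confirm this is intended.
            _nonceService = nonceService as CspNonceService;
        }
    }
}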
/// <summary>
/// Renders the configured policy as a header name/value pair.
/// </summary>
/// <param name="nonceService">Nonce provider passed through to the directives that accept one.</param>
/// <returns>
/// A tuple of the header name ("Content-Security-Policy" or its "-Report-Only" variant,
/// depending on <c>ReportOnly</c>) and the non-empty directives joined with ';'.
/// </returns>
public Tuple<string, string> ToString(ICspNonceService nonceService)
{
    // Report-only mode reports violations without enforcing the policy.
    string headerName = ReportOnly
        ? "Content-Security-Policy-Report-Only"
        : "Content-Security-Policy";

    ICollection<string> directives = new List<string>
    {
        DefaultSrc.ToString(nonceService),
        ScriptSrc.ToString(nonceService),
        StyleSrc.ToString(nonceService),
        ChildSrc.ToString(nonceService),
        ConnectSrc.ToString(nonceService),
        FontSrc.ToString(nonceService),
        FormAction.ToString(nonceService),
        ImgSrc.ToString(nonceService),
        MediaSrc.ToString(nonceService),
        ObjectSrc.ToString(nonceService),
        FrameAncestors.ToString(),
        PluginTypes.ToString()
    };

    if (EnableSandbox)
    {
        directives.Add(Sandbox.ToString());
    }

    if (ReportUri != null)
    {
        // NOTE(review): ReportUri is appended as-is; presumably it is validated where it is
        // set, since a ';' in it would start a new directive - confirm.
        directives.Add("report-uri " + ReportUri);
    }

    // Directives that rendered to an empty string are left out of the header.
    IEnumerable<string> rendered = directives.Where(directive => directive.Length > 0);
    string headerValue = string.Join(";", rendered);

    return Tuple.Create(headerName, headerValue);
}
/// <summary>
/// Creates the tag helper and stores the nonce service it was given.
/// </summary>
/// <param name="nonceService">
/// CSP nonce service to store. No null check is performed here, so a null argument is
/// stored as-is.
/// </param>
public NonceTagHelper(ICspNonceService nonceService) => _nonceService = nonceService;