public static string GetPolicyString(this ReferrerPolicy policy) { switch (policy) { case ReferrerPolicy.Disabled: throw new ArgumentOutOfRangeException(nameof(policy), "Disabled is not an actual referrer policy."); case ReferrerPolicy.NoReferrer: return("no-referrer"); case ReferrerPolicy.NoReferrerWhenDowngrade: return("no-referrer-when-downgrade"); case ReferrerPolicy.SameOrigin: return("same-origin"); case ReferrerPolicy.Origin: return("origin"); case ReferrerPolicy.StrictOrigin: return("strict-origin"); case ReferrerPolicy.OriginWhenCrossOrigin: return("origin-when-cross-origin"); case ReferrerPolicy.StrictOriginWhenCrossOrigin: return("strict-origin-when-cross-origin"); case ReferrerPolicy.UnsafeUrl: return("unsafe-url"); default: throw new ArgumentOutOfRangeException(nameof(policy), $"Unexpected value: {policy}"); } }
public void MapToCoreType_UnknownValue_Throws() { const ReferrerPolicy invalid = (ReferrerPolicy)Int32.MaxValue; Assert.False(Enum.IsDefined(typeof(ReferrerPolicyCore), (ReferrerPolicyCore)invalid)); Assert.Throws <ArgumentOutOfRangeException>(() => invalid.MapToCoreType()); }
/// <summary> /// Initializes a new instance of the <see cref="ReferrerPolicyAttribute"/> class /// </summary> public ReferrerPolicyAttribute(ReferrerPolicy policy) { _config = new ReferrerPolicyConfiguration { Policy = policy.MapToCoreType() }; _configurationOverrideHelper = new HeaderConfigurationOverrideHelper(); _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper()); }
public ReferrerPolicyMiddleware(RequestDelegate next, ReferrerPolicy policy) { this.policy = policy; _next = next; if (policy == null) { throw new ArgumentNullException(nameof(policy)); } }
public static ReferrerPolicyCore MapToCoreType(this ReferrerPolicy policy) { var result = (ReferrerPolicyCore)policy; if (!Enum.IsDefined(typeof(ReferrerPolicyCore), result)) { throw new ArgumentOutOfRangeException(nameof(policy), $"The enum value {policy} was undefined in core enum type."); } return(result); }
/// <summary> /// The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML. /// </summary> /// <param name="response"></param> /// <param name="value"></param> /// <returns></returns> public static HttpResponse SetReferrerPolicy(this HttpResponse response, ReferrerPolicy value) { response.Headers.Append("Referrer-Policy", value switch { ReferrerPolicy.NoReferrer => "no-referrer", ReferrerPolicy.NoReferrerWhenDowngrade => "no-referrer-when-downgrade", ReferrerPolicy.Origin => "origin", ReferrerPolicy.OriginWhenCrossOrigin => "origin-when-cross-origin", ReferrerPolicy.SameOrigin => "same-origin", ReferrerPolicy.StrictOrigin => "strict-origin", ReferrerPolicy.StrictOriginWhenCrossOrigin => "strict-origin-when-cross-origin", _ => throw new Exception() });
public SecureHeadersMiddlewareConfiguration() { UseHsts = false; UseHpkp = false; UseXFrameOptions = false; UseXssProtection = false; UseXContentTypeOptions = false; UseContentSecurityPolicy = false; UsePermittedCrossDomainPolicy = false; UseReferrerPolicy = false; HstsConfiguration = new HstsConfiguration(); HpkpConfiguration = new HPKPConfiguration(); XFrameOptionsConfiguration = new XFrameOptionsConfiguration(); XssConfiguration = new XssConfiguration(); ContentSecurityPolicyConfiguration = new ContentSecurityPolicyConfiguration(); PermittedCrossDomainPolicyConfiguration = new PermittedCrossDomainPolicyConfiguration(); ReferrerPolicy = new ReferrerPolicy(); }
public void ReferrerPolicySet(ReferrerPolicy policy) { _http.Header.SetupSet(a => a[Constants.ServerHeader] = Constants.Referrers[policy]).Verifiable(); AsyncTools.RunSync(() => new Middleware.ServerHeader(null, Constants.Referrers[policy]).Invoke(_http.ContextMock.Object)); _http.Header.Verify(); }
public void CreateReferrerPolicyResult_RPPolicyWithSamePolicyInConfig_ReturnsSetReferrerPolicyResult(ReferrerPolicy policy, string expected) { var referrerConfig = new ReferrerPolicyConfiguration { Policy = policy }; var oldreferrerConfig = new ReferrerPolicyConfiguration { Policy = policy }; var result = _generator.CreateReferrerPolicyResult(referrerConfig, oldreferrerConfig); Assert.NotNull(result); Assert.Equal(HeaderResult.ResponseAction.Set, result.Action); Assert.Equal("Referrer-Policy", result.Name); Assert.Equal(expected, result.Value); }
public async Task ReferrerPolicyHeaderMiddleware_EmitsReferrerPolicyOptionValue(ReferrerPolicy policy, string value) { // Arrane var server = PersonalSiteTestServer.Create(app => { app.UseReferrerPolicyHeader(policy); }); // Act var response = await server.CreateRequest("http://server/").GetAsync(); // Assert Assert.True(response.Headers.Contains(ReferrerPolicyHeaderMiddleware.ReferrerPolicyHeaderName)); Assert.Equal(value, response.Headers.GetValues(ReferrerPolicyHeaderMiddleware.ReferrerPolicyHeaderName).First()); }
public void NoReferrer() { Policy = ReferrerPolicy.NoReferrer; }
public void ReferrerPolicyMapping(ReferrerPolicy policy, string val) { Assert.Equal(val, Constants.Referrers[policy]); }
public void GetPolicyString_ValidPolicy_ReturnsPolicyString(ReferrerPolicy policy, string expectedPolicy) { var result = policy.GetPolicyString(); Assert.Equal(expectedPolicy, result); }
public ReferrerPolicyMiddleware(RequestDelegate next, ReferrerPolicy policy) { _next = next; Policy = policy; _headerValue = HeaderValues[Policy]; }
/// <summary> /// Initialises a new <see cref="ReferrerPolicyHeaderOptions"/> instance with a specified policy. /// </summary> /// <param name="policy">The referrer policy to use.</param> public ReferrerPolicyHeaderOptions(ReferrerPolicy policy) { Policy = policy; }
public void UnsafeUrl() { Policy = ReferrerPolicy.UnsafeUrl; }
public void StrictOriginWhenCrossOrigin() { Policy = ReferrerPolicy.StrictOriginWhenCrossOrigin; }
public void OriginWhenCrossOrigin() { Policy = ReferrerPolicy.OriginWhenCrossOrigin; }
public void Origin() { Policy = ReferrerPolicy.Origin; }
public void SameOrigin() { Policy = ReferrerPolicy.SameOrigin; }
public void NoReferrerWhenDowngrade() { Policy = ReferrerPolicy.NoReferrerWhenDowngrade; }
public static IApplicationBuilder UseReferrerPolicy(this IApplicationBuilder app, ReferrerPolicy policy) { if (app == null) { throw new ArgumentNullException(nameof(app)); } return(app.UseMiddleware <Middleware.ReferrerPolicy>(policy)); }
/// <summary> /// Adds the Referrer-Policy header to all responses. /// </summary> /// <param name="app"></param> /// <param name="policy"></param> public static void UseReferrerPolicy(this IApplicationBuilder app, ReferrerPolicy policy = ReferrerPolicy.SameOrigin) { app.UseMiddleware <ReferrerPolicyMiddleware>(policy); }
/// <summary> /// Add Referrer policy options to the header /// When you click a link on a website, the calling URL is automatically transferred to the linked site. Unless this is necessary, you should disable it using the Referrer-Policy header /// By default This method will add header 'Referrer-Policy', 'no-referrer' /// </summary> /// <param name="policy">Referrer policy, default set to no-referrer</param> public static IApplicationBuilder AddReferrerPolicyHeader(this IApplicationBuilder app, ReferrerPolicy policy = ReferrerPolicy.NoReferrer) { app.UseMiddleware <ReferrerPolicyMiddleware>(new OptionsWrapper <ReferrerPolicyModel>(new ReferrerPolicyModel(policy))); return(app); }
public void GetPolicyString_InvalidPolicy_Throws(ReferrerPolicy policy) { Assert.Throws <ArgumentOutOfRangeException>(() => policy.GetPolicyString()); }
/// <summary> /// Defines the parameters for the Referrer policy header with 'no-referrer' option set /// </summary> public ReferrerPolicyModel(ReferrerPolicy referrerPolicy) { this.ReferrerPolicy = referrerPolicy; }
/// <summary> /// The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests. Aside from the HTTP header, you can set this policy in HTML. /// </summary> /// <param name="builder"></param> /// <param name="value"></param> /// <returns></returns> public static IApplicationBuilder AddReferrerPolicy(this IApplicationBuilder builder, ReferrerPolicy value) { builder.Use((context, next) => { context.Response.SetReferrerPolicy(value); return(next()); }); return(builder); }
/// <summary> /// Typically when users are directed away from your site they have a referrer header. This says where the request is coming from, which has privacy implications for your users. /// </summary> /// <param name="app"></param> /// <param name="policy">A referrer policy. You can read more about them here: https://www.w3.org/TR/referrer-policy/#referrer-policies </param> /// <returns></returns> public static IApplicationBuilder UseReferrerPolicy(this IApplicationBuilder app, ReferrerPolicy policy) => app.UseMiddleware <ReferrerPolicyMiddleware>(policy);
/// <summary> /// Specifies a policy that determines when the <c>Referer</c> header is sent. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="referrerPolicy"> /// A value that specifies the algorithm used to populate the /// <c>Referer</c> header. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with the specified Referrer Policy. /// </returns> public static ResponseHeadersOptionsBuilder AddReferrerPolicy(this ResponseHeadersOptionsBuilder builder, ReferrerPolicy referrerPolicy) { return(builder.Add("Referrer-Policy", referrerPolicy.ToString())); }
public static IServiceCollection AddReferrerPolicy(this IServiceCollection services, ReferrerPolicy policy = ReferrerPolicy.SameOrigin) { return(services.AddReferrerPolicy(new ReferrerPolicyOptions(policy))); }