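public void SecurityHeadersMiddleware_adds_ReferrerPolicy()
        {
            // Verifies that AddHeaders writes a usable Referrer-Policy header onto the response.
            var context = new DefaultHttpContext();

            SecurityHeadersMiddleware.AddHeaders(context);

            Assert.True(context.Response.Headers.TryGetValue("Referrer-Policy", out var referrerPolicy));

            // Presence alone proves little: an empty value gives the browser no policy to apply,
            // so the original presence-only check would pass on a header that protects nothing.
            // NOTE(review): pin the exact policy the middleware is meant to emit once it is
            // confirmed, so an accidental downgrade to a permissive value fails this test.
            Assert.False(string.IsNullOrWhiteSpace(referrerPolicy.ToString()));
        }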
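        /// <summary>
        /// Verifies that AddHeaders sets X-Content-Type-Options to its only defined
        /// directive, <c>nosniff</c>, so browsers do not MIME-sniff the response.
        /// </summary>
        public void SecurityHeadersMiddleware_adds_XContentTypeOptions()
        {
            var context = new DefaultHttpContext();

            SecurityHeadersMiddleware.AddHeaders(context);

            Assert.True(context.Response.Headers.TryGetValue("X-Content-Type-Options", out var contentTypeOptions));

            // "nosniff" is the only value the header defines; anything else leaves sniffing
            // enabled, so checking for presence alone would let a typo slip through.
            Assert.True(string.Equals(
                "nosniff",
                contentTypeOptions.ToString().Trim(),
                System.StringComparison.OrdinalIgnoreCase));
        }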
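        /// <summary>
        /// Verifies that AddHeaders writes a non-empty X-XSS-Protection header.
        /// </summary>
        public void SecurityHeadersMiddleware_adds_XXSSProtection()
        {
            var context = new DefaultHttpContext();

            SecurityHeadersMiddleware.AddHeaders(context);

            Assert.True(context.Response.Headers.TryGetValue("X-XSS-Protection", out var xssProtection));

            // An empty value is not a valid directive, so require some content.
            // NOTE(review): X-XSS-Protection is non-standard and ignored by current browsers;
            // the legacy filter it controlled had flaws of its own. Current guidance is to send
            // "0" or omit the header and rely on a Content-Security-Policy instead. Confirm which
            // value the middleware emits and assert it here.
            Assert.False(string.IsNullOrWhiteSpace(xssProtection.ToString()));
        }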
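        /// <summary>
        /// Verifies that AddHeaders writes a non-empty Expect-CT header.
        /// </summary>
        public void SecurityHeadersMiddleware_adds_ExpectCT()
        {
            var context = new DefaultHttpContext();

            SecurityHeadersMiddleware.AddHeaders(context);

            Assert.True(context.Response.Headers.TryGetValue("Expect-CT", out var expectCt));

            // A header with no directives cannot express a policy, so require some content.
            // NOTE(review): Expect-CT is deprecated; browsers that enforce Certificate
            // Transparency now do so by default and ignore this header. Consider retiring the
            // header and this test rather than treating it as an active control.
            Assert.False(string.IsNullOrWhiteSpace(expectCt.ToString()));
        }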
Example #5
        /// <summary>
        /// Runs the middleware with the given Permissions-Policy directives configured and
        /// checks that the response carries the header with exactly the expected value.
        /// </summary>
        /// <param name="permissionsPolicies">Directives assigned to <c>SecurityHeadersOptions.PermissionsPolicy</c>.</param>
        /// <param name="expectedValue">Header value the response is expected to contain.</param>
        public async Task PermissionsPolicyHeaderShouldBeAdded(string[] permissionsPolicies, string expectedValue)
        {
            // Arrange: only the Permissions-Policy option is set; everything else keeps its default.
            var headerOptions = new SecurityHeadersOptions { PermissionsPolicy = permissionsPolicies };
            var httpContext   = new DefaultHttpContext();
            var sut           = new SecurityHeadersMiddleware(headerOptions, Request);

            // Act
            await sut.Invoke(httpContext);

            // Assert: the header must exist, and its exact value is pinned so that a dropped or
            // reordered directive is caught rather than passing on presence alone.
            var responseHeaders = httpContext.Response.Headers;
            Assert.True(responseHeaders.ContainsKey(SecurityHeaderNames.PermissionsPolicy));
            Assert.Equal(expectedValue, responseHeaders[SecurityHeaderNames.PermissionsPolicy]);
        }
Example #6
        /// <summary>
        /// Runs the middleware with <c>ContentTypeOptions</c> set to <c>NoSniff</c> and checks
        /// that X-Content-Type-Options is present on the response with that same value.
        /// </summary>
        public async Task ContentTypeOptionsHeaderShouldBeAdded()
        {
            // Arrange
            var headerOptions = new SecurityHeadersOptions { ContentTypeOptions = ContentTypeOptionsValue.NoSniff };
            var httpContext   = new DefaultHttpContext();
            var sut           = new SecurityHeadersMiddleware(headerOptions, Request);

            // Act
            await sut.Invoke(httpContext);

            // Assert: check the value as well as the key, since a header with the wrong
            // directive would leave MIME sniffing enabled.
            var responseHeaders = httpContext.Response.Headers;
            Assert.True(responseHeaders.ContainsKey(SecurityHeaderNames.XContentTypeOptions));
            Assert.Equal(ContentTypeOptionsValue.NoSniff, responseHeaders[SecurityHeaderNames.XContentTypeOptions]);
        }
Example #7
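 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 // Middleware runs in registration order, so the order below is security-relevant.
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
     if (env.IsDevelopment())
     {
         // Detailed exception pages expose internals, so they are limited to Development.
         app.UseDeveloperExceptionPage();
     }

     // NOTE(review): HSTS is registered for every environment, Development included. The
     // framework's default options exclude loopback hosts; confirm that is still the case
     // here, or move this call into a non-Development branch.
     app.UseHsts();

     // Redirect to HTTPS before any content is served. The static file middleware ends the
     // pipeline for files it handles, so with the redirect registered after it (as it was
     // originally) static content was answered over plain HTTP without ever being redirected.
     app.UseHttpsRedirection();

     app.UseDefaultFiles();
     app.UseStaticFiles(new StaticFileOptions()
     {
         // Static responses are produced before SecurityHeadersMiddleware is reached, so the
         // same headers are applied to them explicitly through this callback.
         OnPrepareResponse = ctx =>
         {
             SecurityHeadersMiddleware.SetSecurityHeaders(ctx.Context.Response.HttpContext);
         }
     });

     // Covers every response produced further down the pipeline (controllers and the hub).
     app.UseMiddleware<SecurityHeadersMiddleware>();
     app.UseRouting();
     app.UseEndpoints(endpoints =>
     {
         endpoints.MapControllers();
         endpoints.MapHub<StressHub>("/stresshub");
     });
 }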