/// <summary>
/// Verifies that <c>SecurityHeadersMiddleware.AddHeaders</c> puts a
/// <c>Referrer-Policy</c> header on the response.
/// </summary>
/// <remarks>
/// Only the presence of the header is asserted. The policy value is not checked,
/// so a permissive value such as <c>unsafe-url</c> would still pass this test.
/// </remarks>
public void SecurityHeadersMiddleware_adds_ReferrerPolicy()
{
    var httpContext = new DefaultHttpContext();

    SecurityHeadersMiddleware.AddHeaders(httpContext);

    // The out value is discarded: this test covers presence, not content.
    bool headerPresent = httpContext.Response.Headers.TryGetValue("Referrer-Policy", out _);
    Assert.True(headerPresent);
}
/// <summary>
/// Verifies that <c>SecurityHeadersMiddleware.AddHeaders</c> puts an
/// <c>X-Content-Type-Options</c> header on the response.
/// </summary>
/// <remarks>
/// Only the presence of the header is asserted. <c>nosniff</c> is the only value
/// browsers act on for this header, and this test does not confirm it is the one sent.
/// </remarks>
public void SecurityHeadersMiddleware_adds_XContentTypeOptions()
{
    var httpContext = new DefaultHttpContext();

    SecurityHeadersMiddleware.AddHeaders(httpContext);

    // The out value is discarded: this test covers presence, not content.
    bool headerPresent = httpContext.Response.Headers.TryGetValue("X-Content-Type-Options", out _);
    Assert.True(headerPresent);
}
/// <summary>
/// Verifies that <c>SecurityHeadersMiddleware.AddHeaders</c> puts an
/// <c>X-XSS-Protection</c> header on the response.
/// </summary>
/// <remarks>
/// Only the presence of the header is asserted.
/// NOTE(review): current browsers have removed the XSS auditor this header controlled,
/// and OWASP guidance is to send <c>0</c> or omit the header. Confirm which value
/// <c>AddHeaders</c> emits and consider pinning it here.
/// </remarks>
public void SecurityHeadersMiddleware_adds_XXSSProtection()
{
    var httpContext = new DefaultHttpContext();

    SecurityHeadersMiddleware.AddHeaders(httpContext);

    // The out value is discarded: this test covers presence, not content.
    bool headerPresent = httpContext.Response.Headers.TryGetValue("X-XSS-Protection", out _);
    Assert.True(headerPresent);
}
/// <summary>
/// Verifies that <c>SecurityHeadersMiddleware.AddHeaders</c> puts an
/// <c>Expect-CT</c> header on the response.
/// </summary>
/// <remarks>
/// Only the presence of the header is asserted; its directives are not checked.
/// NOTE(review): <c>Expect-CT</c> is deprecated and current browsers no longer act on it.
/// Confirm the middleware still needs to send it.
/// </remarks>
public void SecurityHeadersMiddleware_adds_ExpectCT()
{
    var httpContext = new DefaultHttpContext();

    SecurityHeadersMiddleware.AddHeaders(httpContext);

    // The out value is discarded: this test covers presence, not content.
    bool headerPresent = httpContext.Response.Headers.TryGetValue("Expect-CT", out _);
    Assert.True(headerPresent);
}
/// <summary>
/// Verifies that the middleware writes the header named by
/// <c>SecurityHeaderNames.PermissionsPolicy</c> with the exact expected value.
/// </summary>
/// <param name="permissionsPolicies">Directives assigned to <c>SecurityHeadersOptions.PermissionsPolicy</c>.</param>
/// <param name="expectedValue">Header value the response must carry after the middleware has run.</param>
/// <returns>A task that completes when the middleware invocation and assertions have finished.</returns>
public async Task PermissionsPolicyHeaderShouldBeAdded(string[] permissionsPolicies, string expectedValue)
{
    // Arrange
    var httpContext = new DefaultHttpContext();
    var headerOptions = new SecurityHeadersOptions
    {
        PermissionsPolicy = permissionsPolicies
    };
    // Request is defined outside this block; presumably the next delegate in the pipeline.
    var sut = new SecurityHeadersMiddleware(headerOptions, Request);

    // Act
    await sut.Invoke(httpContext);

    // Assert: the header must exist and its value must match exactly, not just be present.
    var responseHeaders = httpContext.Response.Headers;
    Assert.True(responseHeaders.ContainsKey(SecurityHeaderNames.PermissionsPolicy));
    Assert.Equal(expectedValue, responseHeaders[SecurityHeaderNames.PermissionsPolicy]);
}
/// <summary>
/// Verifies that configuring <c>ContentTypeOptionsValue.NoSniff</c> makes the middleware
/// write the header named by <c>SecurityHeaderNames.XContentTypeOptions</c> with that value.
/// </summary>
/// <returns>A task that completes when the middleware invocation and assertions have finished.</returns>
public async Task ContentTypeOptionsHeaderShouldBeAdded()
{
    // Arrange
    var httpContext = new DefaultHttpContext();
    var headerOptions = new SecurityHeadersOptions
    {
        ContentTypeOptions = ContentTypeOptionsValue.NoSniff
    };
    // Request is defined outside this block; presumably the next delegate in the pipeline.
    var sut = new SecurityHeadersMiddleware(headerOptions, Request);

    // Act
    await sut.Invoke(httpContext);

    // Assert: check the value as well as presence, so a wrong value fails the test.
    var responseHeaders = httpContext.Response.Headers;
    Assert.True(responseHeaders.ContainsKey(SecurityHeaderNames.XContentTypeOptions));
    Assert.Equal(ContentTypeOptionsValue.NoSniff, responseHeaders[SecurityHeaderNames.XContentTypeOptions]);
}
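// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
/// <summary>
/// Builds the HTTP request pipeline: developer exception page (Development only), HSTS,
/// HTTPS redirection, default/static files, security headers, routing and endpoints.
/// </summary>
/// <param name="app">Application builder the middleware is registered on, in execution order.</param>
/// <param name="env">Hosting environment, used to enable the developer exception page.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    // NOTE(review): HSTS is enabled in every environment, including Development.
    // The ASP.NET Core templates enable it only outside Development; confirm this is intended.
    app.UseHsts();

    // Redirect to HTTPS before the static file middleware. Static files short-circuit the
    // pipeline when a file matches, so with the redirect registered after them (as before)
    // those files were served over plain HTTP without ever being redirected.
    app.UseHttpsRedirection();

    app.UseDefaultFiles();
    app.UseStaticFiles(new StaticFileOptions
    {
        // Static file responses never reach SecurityHeadersMiddleware (registered below),
        // so the security headers are applied to them here instead.
        OnPrepareResponse = ctx =>
        {
            SecurityHeadersMiddleware.SetSecurityHeaders(ctx.Context.Response.HttpContext);
        }
    });

    app.UseMiddleware<SecurityHeadersMiddleware>();

    app.UseRouting();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
        endpoints.MapHub<StressHub>("/stresshub");
    });
}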