public void GivenInjectedHeaderInWhenChallengingHeadersForValidationThenSecurityThreatDiagnosticsMustRaiseExceptionDueToInjectedHeaderValue()
        {
            // Negative case: a header value that carries a <script> payload must make
            // ChallengeSecurityHeaders throw ApplicationException.
            //
            // NOTE(review): the dictionary key is "Authorization: " (trailing colon and space)
            // while the allow-list entry is "Authorization". If the validator compares header
            // names exactly, the exception may come from the name mismatch rather than from the
            // script payload, so the test could pass without exercising value inspection.
            // Confirm against the implementation. ApplicationException is also a broad type to
            // assert on; a message or more specific type check would pin down the cause.
            const string headerName = "Authorization: ";
            const string injectedValue = "Bearer <script>function attack(){ alert(\"i created XSS\"); } attack();</script>";

            var headersUnderTest = new WhiteListedHeaders
            {
                AllowedHttpHeaders = new [] { "Authorization" },
                CurrentHttpHeaders = new Dictionary<string, string>()
            };
            headersUnderTest.CurrentHttpHeaders.Add(headerName, injectedValue);

            Assert.Throws<ApplicationException>(
                () => SecurityThreatDiagnostics.ChallengeSecurityHeaders(headersUnderTest, options, CancellationToken.None));
        }
        public void GivenStandardHeaderInWhenChallengingHeadersForValidationThenSecurityThreatDiagnosticsMustByPassRelevantHeaders()
        {
            // Positive case: a plain bearer value with no markup must yield a result whose
            // IsValid flag is true.
            //
            // NOTE(review): the allow-list here is StaticHeader, declared outside this view,
            // and the header key is "Authorization: " (trailing colon and space). Whether this
            // header is actually inspected or simply skipped depends on StaticHeader's value;
            // if it is skipped, the assertion says nothing about how a benign Authorization
            // value is handled. Confirm against the implementation.
            // NOTE(review): no test attribute is visible on this method in this view; check
            // that the test runner discovers it.
            const string headerName = "Authorization: ";
            const string benignValue = "Bearer hashme";

            var headersUnderTest = new WhiteListedHeaders
            {
                AllowedHttpHeaders = new [] { StaticHeader },
                CurrentHttpHeaders = new Dictionary<string, string>()
            };
            headersUnderTest.CurrentHttpHeaders.Add(headerName, benignValue);

            SecurityThreatDiagnosticsResult outcome =
                SecurityThreatDiagnostics.ChallengeSecurityHeaders(headersUnderTest, options, CancellationToken.None);

            Assert.IsTrue(outcome.IsValid);
        }