public void CreateXfoResult_Disabled_ReturnsNull() { var xFrameConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Disabled }; var result = _generator.CreateXfoResult(xFrameConfig); Assert.IsNull(result); }
public void GetXFrameOptionsConfiguration_NoOwinContext_ReturnsSystemWebConfig() { var config = new XFrameOptionsConfiguration(); _systemWebContext.XFrameOptions = config; var result = _contextHelper.GetXFrameOptionsConfiguration(_mockContext); Assert.Same(config, result); }
public void GetXFrameOptionsConfiguration_ReturnsContextConfig() { var config = new XFrameOptionsConfiguration(); _nwContext.XFrameOptions = config; var result = _contextHelper.GetXFrameOptionsConfiguration(_mockContext); Assert.Same(config, result); }
public void GetXFrameoptionsWithOverride_ConfigOverriden_ReturnsOverrideElement() { var configOverride = new XFrameOptionsConfiguration { Policy = XfoPolicy.Deny }; _headerConfigurationOverrideHelper.SetXFrameoptionsOverride(_mockContext, configOverride); Assert.AreSame(configOverride, _headerConfigurationOverrideHelper.GetXFrameoptionsWithOverride(_mockContext)); }
public void GetXFrameOptionsConfiguration_HasOwinConfig_ReturnsOwinConfig() { SetupOwinContext(); var config = new XFrameOptionsConfiguration(); _owinContext.XFrameOptions = config; var result = _contextHelper.GetXFrameOptionsConfiguration(_mockContext); Assert.Same(config, result); }
public void GetXFrameOptionsConfiguration_OwinContextWithoutConfig_ReturnsSystemWebConfig() { SetupOwinContext(); var config = new XFrameOptionsConfiguration(); _systemWebContext.XFrameOptions = config; var result = _contextHelper.GetXFrameOptionsConfiguration(_mockContext); Assert.AreSame(config, result); }
public void SetXFrameoptionsHeader_NoOverride_DoesNothing() { var contextConfig = new XFrameOptionsConfiguration(); _contextHelper.Setup(h => h.GetXFrameOptionsConfiguration(It.IsAny <HttpContextBase>())).Returns(contextConfig); _configurationOverrideHelper.Setup(h => h.GetXFrameoptionsWithOverride(It.IsAny <HttpContextBase>())).Returns((XFrameOptionsConfiguration)null); _overrideHelper.SetXFrameoptionsHeader(_mockContext); _headerGenerator.Verify(g => g.CreateXfoResult(It.IsAny <XFrameOptionsConfiguration>(), It.IsAny <XFrameOptionsConfiguration>()), Times.Never); _headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny <HttpResponseBase>(), It.IsAny <HeaderResult>()), Times.Never); }
public void CreateXfoResult_Sameorigin_ReturnsSetXfoSameOriginResult() { var xFrameConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.SameOrigin }; var result = _generator.CreateXfoResult(xFrameConfig); Assert.IsNotNull(result); Assert.AreEqual(HeaderResult.ResponseAction.Set, result.Action); Assert.AreEqual("X-Frame-Options", result.Name); Assert.AreEqual("SameOrigin", result.Value); }
public void SetXFrameoptionsHeader_Override_CreatesAndHandlesHeaderResult() { var contextConfig = new XFrameOptionsConfiguration(); var overrideConfig = new XFrameOptionsConfiguration(); _contextHelper.Setup(h => h.GetXFrameOptionsConfiguration(It.IsAny <HttpContextBase>())).Returns(contextConfig); _configurationOverrideHelper.Setup(h => h.GetXFrameoptionsWithOverride(It.IsAny <HttpContextBase>())).Returns(overrideConfig); _headerGenerator.Setup(g => g.CreateXfoResult(overrideConfig, contextConfig)).Returns(_expectedHeaderResult); _overrideHelper.SetXFrameoptionsHeader(_mockContext); _headerResultHandler.Verify(h => h.HandleHeaderResult(It.IsAny <HttpResponseBase>(), _expectedHeaderResult), Times.Once); }
public void CreateXfoResult_Deny_ReturnsSetXfoDenyResult() { var xFrameConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Deny }; var result = _generator.CreateXfoResult(xFrameConfig); Assert.NotNull(result); Assert.Equal(HeaderResult.ResponseAction.Set, result.Action); Assert.Equal("X-Frame-Options", result.Name); Assert.Equal("Deny", result.Value); }
public void CreateXfoResult_DisabledWithSameOriginInOldConfig_ReturnsRemoveXfoResult() { var xFrameConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Disabled }; var oldXFrameConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.SameOrigin }; var result = _generator.CreateXfoResult(xFrameConfig, oldXFrameConfig); Assert.IsNotNull(result); Assert.AreEqual(HeaderResult.ResponseAction.Remove, result.Action); Assert.AreEqual("X-Frame-Options", result.Name); }
public SecureHeadersMiddlewareConfiguration() { UseHsts = false; UseHpkp = false; UseXFrameOptions = false; UseXssProtection = false; UseXContentTypeOptions = false; UseContentSecurityPolicy = false; UsePermittedCrossDomainPolicy = false; UseReferrerPolicy = false; HstsConfiguration = new HstsConfiguration(); HpkpConfiguration = new HPKPConfiguration(); XFrameOptionsConfiguration = new XFrameOptionsConfiguration(); XssConfiguration = new XssConfiguration(); ContentSecurityPolicyConfiguration = new ContentSecurityPolicyConfiguration(); PermittedCrossDomainPolicyConfiguration = new PermittedCrossDomainPolicyConfiguration(); ReferrerPolicy = new ReferrerPolicy(); }