Example #1
        /// <summary>
        /// With the policy set to <c>XfoPolicy.Disabled</c> and no earlier configuration passed in,
        /// the generator is expected to return no header result at all.
        /// </summary>
        public void CreateXfoResult_Disabled_ReturnsNull()
        {
            var disabledConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Disabled };

            // A null result carries neither a Set nor a Remove action. Presumably the caller then
            // leaves the response untouched -- confirm in the result handler.
            Assert.IsNull(_generator.CreateXfoResult(disabledConfig));
        }
Example #2
        /// <summary>
        /// Without any OWIN setup, the helper should hand back the exact configuration
        /// instance stored on <c>_systemWebContext</c>.
        /// </summary>
        public void GetXFrameOptionsConfiguration_NoOwinContext_ReturnsSystemWebConfig()
        {
            var expected = new XFrameOptionsConfiguration();
            _systemWebContext.XFrameOptions = expected;

            var actual = _contextHelper.GetXFrameOptionsConfiguration(_mockContext);

            // Reference equality: the stored object itself must come back, not a copy.
            Assert.Same(expected, actual);
        }
Example #3
        /// <summary>
        /// The helper should return the same configuration instance that was assigned
        /// to <c>_nwContext.XFrameOptions</c>.
        /// </summary>
        public void GetXFrameOptionsConfiguration_ReturnsContextConfig()
        {
            var expected = new XFrameOptionsConfiguration();
            _nwContext.XFrameOptions = expected;

            var actual = _contextHelper.GetXFrameOptionsConfiguration(_mockContext);

            // Reference equality: the stored object itself must come back, not a copy.
            Assert.Same(expected, actual);
        }
Example #4
        /// <summary>
        /// After an override has been registered for the context, reading the configuration
        /// "with override" must return that same override instance.
        /// </summary>
        public void GetXFrameoptionsWithOverride_ConfigOverriden_ReturnsOverrideElement()
        {
            var denyOverride = new XFrameOptionsConfiguration { Policy = XfoPolicy.Deny };
            _headerConfigurationOverrideHelper.SetXFrameoptionsOverride(_mockContext, denyOverride);

            var effective = _headerConfigurationOverrideHelper.GetXFrameoptionsWithOverride(_mockContext);

            // The override is compared by reference, so the helper may not clone or rebuild it.
            Assert.AreSame(denyOverride, effective);
        }
Example #5
        /// <summary>
        /// With an OWIN context set up and a configuration assigned to it, the helper
        /// should return that OWIN configuration instance.
        /// </summary>
        public void GetXFrameOptionsConfiguration_HasOwinConfig_ReturnsOwinConfig()
        {
            SetupOwinContext();
            var owinConfig = new XFrameOptionsConfiguration();
            _owinContext.XFrameOptions = owinConfig;

            var resolved = _contextHelper.GetXFrameOptionsConfiguration(_mockContext);

            // Reference equality: the stored object itself must come back, not a copy.
            Assert.Same(owinConfig, resolved);
        }
Example #6
        /// <summary>
        /// An OWIN context exists but nothing is assigned to it here; the configuration is
        /// placed on <c>_systemWebContext</c> only, and the helper is expected to return it.
        /// </summary>
        public void GetXFrameOptionsConfiguration_OwinContextWithoutConfig_ReturnsSystemWebConfig()
        {
            SetupOwinContext();
            var systemWebConfig = new XFrameOptionsConfiguration();
            _systemWebContext.XFrameOptions = systemWebConfig;

            var resolved = _contextHelper.GetXFrameOptionsConfiguration(_mockContext);

            // Falling back must not silently lose the configuration: the same instance comes back.
            Assert.AreSame(systemWebConfig, resolved);
        }
        /// <summary>
        /// When the override lookup yields null, setting the header must neither ask the
        /// generator for a result nor pass anything to the result handler.
        /// </summary>
        public void SetXFrameoptionsHeader_NoOverride_DoesNothing()
        {
            var contextConfig = new XFrameOptionsConfiguration();
            XFrameOptionsConfiguration noOverride = null;

            _contextHelper
                .Setup(h => h.GetXFrameOptionsConfiguration(It.IsAny<HttpContextBase>()))
                .Returns(contextConfig);
            _configurationOverrideHelper
                .Setup(h => h.GetXFrameoptionsWithOverride(It.IsAny<HttpContextBase>()))
                .Returns(noOverride);

            _overrideHelper.SetXFrameoptionsHeader(_mockContext);

            // No override means the header already decided for the response stays as it is.
            _headerGenerator.Verify(
                g => g.CreateXfoResult(It.IsAny<XFrameOptionsConfiguration>(), It.IsAny<XFrameOptionsConfiguration>()),
                Times.Never);
            _headerResultHandler.Verify(
                h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()),
                Times.Never);
        }
Example #8
        /// <summary>
        /// A <c>XfoPolicy.SameOrigin</c> configuration must produce a Set action for the
        /// X-Frame-Options header with the value "SameOrigin".
        /// </summary>
        public void CreateXfoResult_Sameorigin_ReturnsSetXfoSameOriginResult()
        {
            var sameOriginConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.SameOrigin };

            var header = _generator.CreateXfoResult(sameOriginConfig);

            // The header name and value are pinned exactly, so a change in the emitted
            // text fails here rather than silently changing what browsers receive.
            Assert.IsNotNull(header);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, header.Action);
            Assert.AreEqual("X-Frame-Options", header.Name);
            Assert.AreEqual("SameOrigin", header.Value);
        }
        /// <summary>
        /// When an override configuration is present, the header result built from
        /// (override, context) must be handed to the result handler exactly once.
        /// </summary>
        public void SetXFrameoptionsHeader_Override_CreatesAndHandlesHeaderResult()
        {
            var contextConfig = new XFrameOptionsConfiguration();
            var overrideConfig = new XFrameOptionsConfiguration();

            _contextHelper
                .Setup(h => h.GetXFrameOptionsConfiguration(It.IsAny<HttpContextBase>()))
                .Returns(contextConfig);
            _configurationOverrideHelper
                .Setup(h => h.GetXFrameoptionsWithOverride(It.IsAny<HttpContextBase>()))
                .Returns(overrideConfig);
            // Argument order matters: the override is the new configuration, the context
            // configuration is the old one the generator compares against.
            _headerGenerator
                .Setup(g => g.CreateXfoResult(overrideConfig, contextConfig))
                .Returns(_expectedHeaderResult);

            _overrideHelper.SetXFrameoptionsHeader(_mockContext);

            _headerResultHandler.Verify(
                h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult),
                Times.Once);
        }
Example #10
        /// <summary>
        /// A <c>XfoPolicy.Deny</c> configuration must produce a Set action for the
        /// X-Frame-Options header with the value "Deny".
        /// </summary>
        public void CreateXfoResult_Deny_ReturnsSetXfoDenyResult()
        {
            var denyConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Deny };

            var header = _generator.CreateXfoResult(denyConfig);

            Assert.NotNull(header);
            Assert.Equal(HeaderResult.ResponseAction.Set, header.Action);
            Assert.Equal("X-Frame-Options", header.Name);
            // RFC 7034 defines the directive as a case-insensitive ABNF literal, so the
            // mixed-case "Deny" is a valid spelling of DENY.
            Assert.Equal("Deny", header.Value);
        }
Example #11
        /// <summary>
        /// Going from an old <c>SameOrigin</c> configuration to a new <c>Disabled</c> one
        /// must produce a Remove action for the X-Frame-Options header.
        /// </summary>
        public void CreateXfoResult_DisabledWithSameOriginInOldConfig_ReturnsRemoveXfoResult()
        {
            var newConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.Disabled };
            var previousConfig = new XFrameOptionsConfiguration { Policy = XfoPolicy.SameOrigin };

            var header = _generator.CreateXfoResult(newConfig, previousConfig);

            // NOTE(review): a Remove result takes the framing restriction off the response.
            // Presumably this two-argument path is what overrides go through (confirm with
            // callers); any code that can override to Disabled deserves scrutiny.
            Assert.IsNotNull(header);
            Assert.AreEqual(HeaderResult.ResponseAction.Remove, header.Action);
            Assert.AreEqual("X-Frame-Options", header.Name);
        }
        /// <summary>
        /// Creates a configuration in which every header switch is off and every
        /// per-header configuration object is a freshly constructed default.
        /// </summary>
        public SecureHeadersMiddlewareConfiguration()
        {
            // Every switch starts at false, so each header is opt-in. Presumably the middleware
            // emits a header only when its Use* flag is true (verify against the middleware);
            // if so, an instance used exactly as constructed adds no security headers.
            UseHsts = false;
            // NOTE(review): HPKP has been dropped by major browsers; confirm this switch is still wanted.
            UseHpkp = false;
            UseXFrameOptions = false;
            UseXssProtection = false;
            UseXContentTypeOptions = false;
            UseContentSecurityPolicy = false;
            UsePermittedCrossDomainPolicy = false;
            UseReferrerPolicy = false;

            // Non-null defaults, so a caller can switch a header on without also
            // having to supply its configuration object.
            HstsConfiguration = new HstsConfiguration();
            HpkpConfiguration = new HPKPConfiguration();
            XFrameOptionsConfiguration = new XFrameOptionsConfiguration();
            XssConfiguration = new XssConfiguration();
            ContentSecurityPolicyConfiguration = new ContentSecurityPolicyConfiguration();
            PermittedCrossDomainPolicyConfiguration = new PermittedCrossDomainPolicyConfiguration();
            ReferrerPolicy = new ReferrerPolicy();
        }