public void HeaderModuleTestInitialize()
{
_mockRequest = new Mock<HttpRequestBase>();
_mockRequest.Setup(r => r.UserAgent).Returns("Ninja CSP browser");
_responseHeaders = new NameValueCollection();
_mockResponse = new Mock<HttpResponseBase>();
_mockResponse.Setup(r => r.Headers).Returns(_responseHeaders);
var mockedContext = new Mock<HttpContextBase>();
mockedContext.SetupAllProperties();
mockedContext.Setup(c => c.Request).Returns(_mockRequest.Object);
mockedContext.Setup(c => c.Response).Returns(_mockResponse.Object);
_expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "SomeHeader", "SomeValue");
_mockHeaderGenerator = new Mock<IHeaderGenerator>(MockBehavior.Strict);
_mockHeaderResultHandler = new Mock<IHeaderResultHandler>(MockBehavior.Strict);
_mockHeaderResultHandler.Setup(h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult));
_mockHandlerHelper = new Mock<IHandlerTypeHelper>();
_mockCspReportHelper = new Mock<ICspReportHelper>(MockBehavior.Strict);
_mockContext = mockedContext.Object;
_config = new HttpHeaderSecurityConfigurationSection();
_configHeaderSetter = new ConfigurationHeaderSetter(_config, _mockHeaderGenerator.Object, _mockHeaderResultHandler.Object, _mockHandlerHelper.Object, _mockCspReportHelper.Object);
_nwebsecContext = new NWebsecContext();
}
public void GetNWebsecOwinContext_HasContext_ReturnsContext()
{
var owinContext = new NWebsecContext();
var owinEnv = new Dictionary<string, object>();
owinEnv[NWebsecContext.ContextKey] = owinContext;
_mockContext.Items["owin.Environment"] = owinEnv;
var result = _mockContext.GetNWebsecOwinContext();
Assert.AreSame(owinContext, result);
}
public void Setup()
{
_systemWebContext = new NWebsecContext();
_owinContext = new NWebsecContext();
var mockContext = new Mock<HttpContextBase>();
mockContext.Setup(c => c.Items["nwebsec.Context"]).Returns(_systemWebContext);
_mockContext = mockContext.Object;
_contextHelper = new ContextConfigurationHelper();
}
internal void SetCspHeaders(HttpContextBase context, NWebsecContext nwebsecContext, bool reportOnly)
{
if (_handlerHelper.IsStaticContentHandler(context) ||
_handlerHelper.IsUnmanagedHandler(context)) return;
ICspConfiguration cspConfig;
if (reportOnly)
{
cspConfig = nwebsecContext.CspReportOnly = WebConfig.SecurityHttpHeaders.CspReportOnly;
}
else
{
cspConfig = nwebsecContext.Csp = WebConfig.SecurityHttpHeaders.Csp;
}
var result = _headerGenerator.CreateCspResult(cspConfig, reportOnly, _reportHelper.GetBuiltInCspReportHandlerRelativeUri());
_headerResultHandler.HandleHeaderResult(context.Response, result);
}
internal void SetXFrameoptionsHeader(HttpResponseBase response, NWebsecContext nwebsecContext)
{
nwebsecContext.XFrameOptions = WebConfig.SecurityHttpHeaders.XFrameOptions;
var result = _headerGenerator.CreateXfoResult(WebConfig.SecurityHttpHeaders.XFrameOptions);
_headerResultHandler.HandleHeaderResult(response, result);
}
internal void SetXRobotsTagHeader(HttpResponseBase response, NWebsecContext nwebsecContext)
{
nwebsecContext.XRobotsTag = WebConfig.XRobotsTag;
var result = _headerGenerator.CreateXRobotsTagResult(WebConfig.XRobotsTag);
_headerResultHandler.HandleHeaderResult(response, result);
}
internal void SetNoCacheHeadersFromConfig(HttpContextBase context, NWebsecContext nwebsecContext)
{
if (!WebConfig.NoCacheHttpHeaders.Enabled || _handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context))
{
return;
}
nwebsecContext.NoCacheHeaders = WebConfig.NoCacheHttpHeaders;
SetNoCacheHeaders(context.Response);
}
internal void SetXXssProtectionHeader(HttpContextBase context, NWebsecContext nwebsecContext)
{
if (_handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context))
{
return;
}
nwebsecContext.XXssProtection = WebConfig.SecurityHttpHeaders.XXssProtection;
var result = _headerGenerator.CreateXXssProtectionResult(WebConfig.SecurityHttpHeaders.XXssProtection);
_headerResultHandler.HandleHeaderResult(context.Response, result);
}
private ConfigurationOverrides GetConfigOverrides(NWebsecContext context)
{
if (context.ConfigOverrides == null)
{
context.ConfigOverrides = new ConfigurationOverrides();
}
return context.ConfigOverrides;
}
