private static string SchemeSourceToString(CommonPolicySchemeSource.SchemeSources schemeSources)
{
if (schemeSources.HasFlag(CommonPolicySchemeSource.SchemeSources.None))
{
return(null);
}
List <CommonPolicySchemeSource.SchemeSources> schemeSourceList = new List <CommonPolicySchemeSource.SchemeSources>();
if (schemeSources.HasFlag(CommonPolicySchemeSource.SchemeSources.Blob))
{
schemeSourceList.Add(CommonPolicySchemeSource.SchemeSources.Blob);
}
if (schemeSources.HasFlag(CommonPolicySchemeSource.SchemeSources.Data))
{
schemeSourceList.Add(CommonPolicySchemeSource.SchemeSources.Data);
}
if (schemeSources.HasFlag(CommonPolicySchemeSource.SchemeSources.FileSystem))
{
schemeSourceList.Add(CommonPolicySchemeSource.SchemeSources.FileSystem);
}
if (schemeSources.HasFlag(CommonPolicySchemeSource.SchemeSources.MediaStream))
{
schemeSourceList.Add(CommonPolicySchemeSource.SchemeSources.MediaStream);
}
string value = null;
foreach (CommonPolicySchemeSource.SchemeSources schemeSource in schemeSourceList)
{
value += " " + schemeSource.ToFormatedString();
}
return(value);
}
public static string ToFormatedString(this CommonPolicySchemeSource.SchemeSources schemeSource)
{
return(schemeSource switch
{
CommonPolicySchemeSource.SchemeSources.Data => Data,
CommonPolicySchemeSource.SchemeSources.MediaStream => MediaStream,
CommonPolicySchemeSource.SchemeSources.Blob => Blob,
CommonPolicySchemeSource.SchemeSources.FileSystem => FileSystem,
_ => None,
});
/// <summary>
/// Adds a list of content security to which the provided directive is applied.
/// </summary>
/// <param name="directive">Directive to apply.</param>
/// <param name="fetchDirective">Content security fetch directive.</param>
/// <param name="hostSources">List of uri if the directive requires one.</param>
/// <param name="schemeSources">List of scheme source authorized.</param>
/// <param name="reportOnly">Indicates whether the rules are only there to generate a report.</param>
/// <returns></returns>
public SecurityHeadersBuilder AddContentSecurityPolicy(CommonPolicyDirective.Directive directive, ContentSecurityPolicyConstants.FetchDirectives fetchDirective, CommonPolicySchemeSource.SchemeSources schemeSources, IList <Uri> hostSources = null, bool reportOnly = true)
{
if (reportOnly && _reportUri == null)
{
throw new ReportUriMissingException();
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ChildSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ChildSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ConnectSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.DefaultSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.FontSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.FontSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.FrameSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.FrameSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ImgSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ImgSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ManifestSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.MediaSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.MediaSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ObjectSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.PrefetchSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrc, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcAttr, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.ScriptSrcElem, directive);
}
if (fetchDirective.HasFlag(ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc))
{
_directives.TryAdd(ContentSecurityPolicyConstants.FetchDirectives.WorkerSrc, directive);
}
string header = ContentSecurityToString(hostSources);
header += SchemeSourceToString(schemeSources);
if (_reportUri != null)
{
header += "; " + CommonPolicyDirective.ReportUri + " " + _reportUri.AbsoluteUri;
}
if (reportOnly)
{
_policy.SetHeaders[ContentSecurityPolicyConstants.HeaderReportOnly] = header;
}
else
{
_policy.SetHeaders[ContentSecurityPolicyConstants.Header] = header;
}
return(this);
}
