Exemple #1
        // Checks the hardening headers that ContentSecurityPolicyMiddleware writes besides the
        // CSP itself: Referrer-Policy, X-Frame-Options, X-Xss-Protection and
        // X-Content-Type-Options. The request is plain http and the next delegate is a no-op,
        // so every header asserted below is set by the middleware under test.
        public async Task ContentSecurityPolicyMiddlewareTest_invoke_otherTypes()
        {
            // Arrange: a bare context with no host set, only the scheme.
            var context = new DefaultHttpContext();
            context.Request.Scheme = "http";

            var middleware = new ContentSecurityPolicyMiddleware((ctx) => Task.FromResult(0));

            // Act
            await middleware.Invoke(context);

            // Assert: each header is compared against its exact expected value.
            var headers = context.Response.Headers;

            // Referrer-Policy: no referrer information leaves the site.
            Assert.AreEqual("no-referrer", headers["Referrer-Policy"].ToString());

            // X-Frame-Options: framing is refused outright (clickjacking defence).
            Assert.AreEqual("DENY", headers["X-Frame-Options"].ToString());

            // X-Xss-Protection
            // NOTE(review): this is a legacy header; current browsers no longer ship the XSS
            // filter it controlled, so the Content-Security-Policy header is the control that
            // matters. The assertion only pins what the middleware emits today.
            Assert.AreEqual("1; mode=block", headers["X-Xss-Protection"].ToString());

            // X-Content-Type-Options: MIME sniffing is disabled.
            Assert.AreEqual("nosniff", headers["X-Content-Type-Options"].ToString());
        }
Exemple #2
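        // Checks that a plain-http request gets a Content-Security-Policy header that names a
        // default-src directive and a ws:// source.
        //
        // These are substring checks: they prove the tokens appear somewhere in the header,
        // not which directive they belong to or how restrictive the policy is. A policy that
        // pairs default-src with a wildcard would still pass, so a tighter test should compare
        // the full directive values.
        public async Task ContentSecurityPolicyMiddlewareTest_invoke_testContent()
        {
            // Arrange: plain-http context, no host set, no-op next delegate.
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Scheme = "http";

            var cspMiddleware = new ContentSecurityPolicyMiddleware(next: (innerHttpContext) => Task.FromResult(0));

            // Act
            await cspMiddleware.Invoke(httpContext);

            // Assert
            var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();

            // Assert.IsTrue with a message replaces Assert.AreEqual(true, ...): the pass/fail
            // outcome is the same, but a failure now says which token was missing and shows
            // the header that was actually produced.
            Assert.IsTrue(csp.Contains("default-src"),
                "Content-Security-Policy should contain a default-src directive, got: " + csp);

            // NOTE(review): presumably the ws:// source is emitted because the request scheme
            // is http - confirm against the middleware. A ws:// source permits unencrypted
            // WebSocket connections, so it should not appear for https requests.
            Assert.IsTrue(csp.Contains("ws://"),
                "Content-Security-Policy should contain a ws:// source for an http request, got: " + csp);
        }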
Exemple #3
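        // Checks the WebSocket source written into the Content-Security-Policy header for an
        // https request whose host is "localhost" with no port: the policy must name
        // wss://localhost and must not carry a dangling ":" after the host.
        //
        // As in the other CSP tests, these are substring checks on the whole header; they do
        // not show which directive holds the wss:// source.
        public async Task invoke_httpsTest_websockets_localhostWithNoPort()
        {
            // Arrange: https scheme and a port-less host, no-op next delegate.
            var httpContext = new DefaultHttpContext();
            httpContext.Request.Scheme = "https";
            httpContext.Request.Host   = new HostString("localhost");

            var cspMiddleware = new ContentSecurityPolicyMiddleware(next: (innerHttpContext) => Task.FromResult(0));

            // Act
            await cspMiddleware.Invoke(httpContext);

            // Assert
            var csp = httpContext.Response.Headers["Content-Security-Policy"].ToString();

            // Assert.IsTrue with a message replaces Assert.AreEqual(true, ...), matching the
            // Assert.IsFalse already used below and reporting the produced header on failure.
            Assert.IsTrue(csp.Contains("default-src"),
                "Content-Security-Policy should contain a default-src directive, got: " + csp);

            // On https the WebSocket source is expected to use the encrypted wss:// scheme.
            Assert.IsTrue(csp.Contains("wss://localhost"),
                "Content-Security-Policy should contain wss://localhost, got: " + csp);

            // With no port on the request host, the source must not end in an empty port
            // ("wss://localhost:"), which would be a malformed source expression.
            Assert.IsFalse(csp.Contains("wss://localhost:"),
                "Content-Security-Policy should not contain a port separator after localhost, got: " + csp);
        }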