void AppBeginRequest(object sender, EventArgs e)
{
var app = (HttpApplication)sender;
var context = new HttpContextWrapper(app.Context);
if (_cspUpgradeRequestHelper.UaSupportsUpgradeInsecureRequests(context.Request) && _cspUpgradeRequestHelper.TryUpgradeInsecureRequest(context))
{
return;
}
_configHeaderSetter.SetSitewideHeadersFromConfig(context);
if (!_cspReportHelper.IsRequestForBuiltInCspReportHandler(context.Request))
{
return;
}
CspViolationReport cspReport;
if (_cspReportHelper.TryGetCspReportFromRequest(context.Request, out cspReport))
{
var eventArgs = new CspViolationReportEventArgs {
ViolationReport = cspReport
};
OnCspViolationReport(eventArgs);
context.Response.StatusCode = 204;
app.CompleteRequest();
}
else
{
context.Response.StatusCode = 400;
app.CompleteRequest();
}
}
public void UaSupportsUpgradeInsecureRequests_UpgradeHeaderNotOk_ReturnsFalse()
{
SetRequestUpgradeHeader("yolo");
var helper = new CspUpgradeInsecureRequestHelper();
Assert.IsFalse(helper.UaSupportsUpgradeInsecureRequests(_request.Object));
}
public void UaSupportsUpgradeInsecureRequests_UpgradeHeaderOk_ReturnsTrue()
{
SetRequestUpgradeHeader();
var helper = new CspUpgradeInsecureRequestHelper();
Assert.True(helper.UaSupportsUpgradeInsecureRequests(_request.Object));
}
public void UaSupportsUpgradeInsecureRequests_NotSupported_ReturnsFalse()
{
var helper = new CspUpgradeInsecureRequestHelper();
Assert.IsFalse(helper.UaSupportsUpgradeInsecureRequests(_request.Object));
}