public void Validate_InvalidPreloadSubdomains_ThrowsException()
        {
            // Preload is requested while IncludeSubdomains is off; the validator
            // is expected to reject that combination even though the max-age is
            // a full 18 weeks (126 days).
            var eighteenWeeks = new TimeSpan(18 * 7, 0, 0, 0);
            var preloadWithoutSubdomains = new HstsConfiguration
            {
                MaxAge = eighteenWeeks,
                IncludeSubdomains = false,
                Preload = true
            };

            Assert.Throws<Exception>(() => _validator.Validate(preloadWithoutSubdomains));
        }
        public void Validate_ValidMaxAge_NoException()
        {
            // A single tick is the smallest positive TimeSpan; only MaxAge is set,
            // the other properties keep whatever defaults HstsConfiguration gives them.
            var oneTick = new TimeSpan(1);
            var maxAgeOnly = new HstsConfiguration
            {
                MaxAge = oneTick
            };

            Assert.DoesNotThrow(() => _validator.Validate(maxAgeOnly));
        }
        public void Validate_ValidPreload_NoException()
        {
            // Preload together with IncludeSubdomains and an 18-week (126-day)
            // max-age: the combination the validator must accept.
            var eighteenWeeks = new TimeSpan(18 * 7, 0, 0, 0);
            var preloadReady = new HstsConfiguration
            {
                MaxAge = eighteenWeeks,
                IncludeSubdomains = true,
                Preload = true
            };

            Assert.DoesNotThrow(() => _validator.Validate(preloadReady));
        }
        public void Validate_ValidMaxAgeAndSubdomains_NoException()
        {
            // Positive max-age (one tick) with IncludeSubdomains and no preload.
            var oneTick = new TimeSpan(1);
            var withSubdomains = new HstsConfiguration
            {
                MaxAge = oneTick,
                IncludeSubdomains = true
            };

            // No explicit assertion: the test passes as long as Validate returns
            // without throwing.
            _validator.Validate(withSubdomains);
        }
        public void Validate_ValidMaxAge_NoException()
        {
            // Only MaxAge is set, to the smallest positive TimeSpan (one tick).
            var oneTick = new TimeSpan(1);
            var maxAgeOnly = new HstsConfiguration
            {
                MaxAge = oneTick
            };

            // No explicit assertion: the test passes as long as Validate returns
            // without throwing.
            _validator.Validate(maxAgeOnly);
        }
        public void CreateHstsResult_LessThan18WeeksAndPreload_ReturnsNull()
        {
            // One second short of 18 weeks: 125 days, 23:59:59.
            var justUnderEighteenWeeks = new TimeSpan(18 * 7 - 1, 23, 59, 59);

            // NOTE(review): IncludeSubdomains is false here as well, and the
            // 18-weeks-with-preload case in this suite already expects null for
            // preload without includeSubdomains. A null result therefore does not
            // by itself show that the max-age threshold is enforced; a variant with
            // IncludeSubdomains = true would isolate that check.
            var shortPreload = new HstsConfiguration
            {
                MaxAge = justUnderEighteenWeeks,
                IncludeSubdomains = false,
                Preload = true
            };

            var header = _generator.CreateHstsResult(shortPreload);

            // Null means no header result was produced for this configuration.
            Assert.IsNull(header);
        }
        public void CreateHstsResult_NegativeTimespanInConfig_ReturnsNull()
        {
            // A max-age of minus one tick: a negative value has no meaning as an
            // HSTS max-age, and the generator is expected to produce no result.
            var minusOneTick = new TimeSpan(-1);
            var negativeMaxAge = new HstsConfiguration
            {
                MaxAge = minusOneTick
            };

            var header = _generator.CreateHstsResult(negativeMaxAge);

            Assert.IsNull(header);
        }
        public void CreateHstsResult_18WeeksWithPreload_ReturnsNull()
        {
            // The max-age is a full 18 weeks, but preload is requested without
            // IncludeSubdomains, so no result is expected.
            var eighteenWeeks = new TimeSpan(18 * 7, 0, 0, 0);
            var preloadWithoutSubdomains = new HstsConfiguration
            {
                MaxAge = eighteenWeeks,
                IncludeSubdomains = false,
                Preload = true
            };

            var header = _generator.CreateHstsResult(preloadWithoutSubdomains);

            Assert.Null(header);
        }
        public void CreateHstsResult_18WeeksAndIncludesubdomainsWithPreload_ReturnsSetHstsPreloadResult()
        {
            // 18 weeks = 126 days = 10886400 seconds, the max-age asserted below.
            // NOTE(review): the HSTS preload list's published minimum max-age has
            // since been raised to one year (31536000 seconds); confirm whether
            // the threshold exercised here should follow it.
            var eighteenWeeks = new TimeSpan(18 * 7, 0, 0, 0);
            var preloadReady = new HstsConfiguration
            {
                MaxAge = eighteenWeeks,
                IncludeSubdomains = true,
                Preload = true
            };

            var header = _generator.CreateHstsResult(preloadReady);

            Assert.IsNotNull(header);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, header.Action);
            Assert.AreEqual("Strict-Transport-Security", header.Name);
            // All three directives must be present for a preload-eligible header.
            Assert.AreEqual("max-age=10886400; includeSubdomains; preload", header.Value);
        }
        public void CreateHstsResult_24hAndIncludesubdomainsConfig_ReturnsSetHstsIncludesubdomainsResult()
        {
            // 24 hours = 86400 seconds, the max-age asserted below.
            var oneDay = new TimeSpan(24, 0, 0);
            var dayWithSubdomains = new HstsConfiguration
            {
                MaxAge = oneDay,
                IncludeSubdomains = true
            };

            var header = _generator.CreateHstsResult(dayWithSubdomains);

            Assert.IsNotNull(header);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, header.Action);
            Assert.AreEqual("Strict-Transport-Security", header.Name);
            // Preload was not requested, so the value carries no preload directive.
            Assert.AreEqual("max-age=86400; includeSubdomains", header.Value);
        }
        public void CreateHstsResult_ZeroTimespanInConfig_ReturnsSetHstsResult()
        {
            // Per RFC 6797, max-age=0 tells the browser to drop its cached HSTS
            // policy for the host, so a zero max-age must still yield a header
            // rather than being treated as "nothing to send".
            var zeroMaxAge = new HstsConfiguration
            {
                MaxAge = new TimeSpan(0)
            };

            var header = _generator.CreateHstsResult(zeroMaxAge);

            Assert.IsNotNull(header);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, header.Action);
            Assert.AreEqual("Strict-Transport-Security", header.Name);
            Assert.AreEqual("max-age=0", header.Value);
        }
        public SecureHeadersMiddlewareConfiguration()
        {
            // Every header switch starts out false, so nothing is enabled until a
            // caller sets the corresponding flag.
            // NOTE(review): presumably the middleware emits a header only when its
            // flag is true, which would make a default instance add no security
            // headers at all - confirm against the middleware and document it for
            // consumers.
            UseHsts = false;
            // HPKP has been deprecated and removed by the major browsers.
            UseHpkp = false;
            UseXFrameOptions = false;
            UseXssProtection = false;
            UseXContentTypeOptions = false;
            UseContentSecurityPolicy = false;
            UsePermittedCrossDomainPolicy = false;
            UseReferrerPolicy = false;

            // Each per-header configuration object is created with its own
            // parameterless constructor, so none of them is left null.
            HstsConfiguration = new HstsConfiguration();
            HpkpConfiguration = new HPKPConfiguration();
            XFrameOptionsConfiguration = new XFrameOptionsConfiguration();
            XssConfiguration = new XssConfiguration();
            ContentSecurityPolicyConfiguration = new ContentSecurityPolicyConfiguration();
            PermittedCrossDomainPolicyConfiguration = new PermittedCrossDomainPolicyConfiguration();
            ReferrerPolicy = new ReferrerPolicy();
        }