public void Ctor_ArgumentNextIsNull_ThrowsArgumentNullException()
{
Assert.Throws <ArgumentNullException>(() =>
{
_ = new HstsMiddleware(next: null, options: new OptionsWrapper <HstsOptions>(new HstsOptions()));
});
}
public void Ctor_ArgumentOptionsIsNull_ThrowsArgumentNullException()
{
Assert.Throws <ArgumentNullException>(() =>
{
_ = new HstsMiddleware(innerHttpContext => Task.CompletedTask, options: null);
});
}
public async void WhenSchemeIsHttps_SetTheHeader()
{
// Arrange
var middleware = new HstsMiddleware(null);
// Act
await middleware.Invoke(_mockContext.Object);
_stubResponse.InvokeOnSendingHeaders();
// Assert
Assert.True(_mockContext.Object.Response.Headers.ContainsKey(HstsHeaderName));
}
public async void WhenSchemeIsNotHttps_DontSetTheHeader()
{
// Arrange
var middleware = new HstsMiddleware(null);
_mockRequest.Setup(r => r.Scheme).Returns("http");
// Act
await middleware.Invoke(_mockContext.Object);
_stubResponse.InvokeOnSendingHeaders();
// Assert
Assert.False(_mockContext.Object.Response.Headers.ContainsKey(HstsHeaderName));
}
public async void WhenHeaderIsAlreadySet_DontSetTheHeader()
{
// Arrange
const string presetHeader = "max-age=1";
_stubResponse.Headers.Add(HstsHeaderName, new[] { presetHeader });
var middleware = new HstsMiddleware(null);
// Act
await middleware.Invoke(_mockContext.Object);
_stubResponse.InvokeOnSendingHeaders();
// Assert
Assert.AreEqual(presetHeader, _mockContext.Object.Response.Headers[HstsHeaderName]);
}
public async void WhenHeaderIsAlreadySetAndOverrideIsSet_SetTheHeader()
{
// Arrange
const string presetHeader = "max-age=1";
var settings = new HstsSettings {
OverwriteExisting = true
};
_stubResponse.Headers.Add(HstsHeaderName, new[] { presetHeader });
var middleware = new HstsMiddleware(null, settings);
// Act
await middleware.Invoke(_mockContext.Object);
_stubResponse.InvokeOnSendingHeaders();
// Assert
Assert.AreEqual(settings.GenerateResponseValue(), _mockContext.Object.Response.Headers[HstsHeaderName]);
}
public HstsConfigurationMiddleware(IOptions <HostHstsOptions> hostHstsOptions)
{
RequestDelegate contextNext = async context =>
{
if (context.Items.Remove(ScriptConstants.HstsMiddlewareRequestDelegate, out object requestDelegate) && requestDelegate is RequestDelegate next)
{
await next(context);
}
};
if (hostHstsOptions.Value.IsEnabled)
{
var hstsMiddleware = new HstsMiddleware(contextNext, hostHstsOptions);
_invoke = hstsMiddleware.Invoke;
}
else
{
_invoke = contextNext;
}
}
public async Task HstsHeaderIsNotIncluded_WhenRequestHeadersAlreadyContainHstsHeader()
{
RequestDelegate mockNext = (HttpContext ctx) =>
{
return(Task.CompletedTask);
};
var options = Options.Create(new HstsOptions()
{
Duration = TimeSpan.FromHours(1)
});
var sut = new HstsMiddleware(mockNext, options);
var mockContext = new DefaultHttpContext();
mockContext.Request.Scheme = "https";
mockContext.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000");
await sut.Invoke(mockContext);
//Invoke throws System.ArgumentException if it tries to add the header again
}
