public HeaderResult CreateXXssProtectionResult(IXXssProtectionConfiguration xXssProtectionConfig,
IXXssProtectionConfiguration oldXXssProtectionConfig = null)
{
if (oldXXssProtectionConfig != null && oldXXssProtectionConfig.Policy != XXssPolicy.Disabled &&
xXssProtectionConfig.Policy == XXssPolicy.Disabled)
{
return(new HeaderResult(HeaderResult.ResponseAction.Remove, HeaderConstants.XXssProtectionHeader));
}
string value;
switch (xXssProtectionConfig.Policy)
{
case XXssPolicy.Disabled:
return(null);
case XXssPolicy.FilterDisabled:
value = "0";
break;
case XXssPolicy.FilterEnabled:
value = (xXssProtectionConfig.BlockMode ? "1; mode=block" : "1");
break;
default:
throw new NotImplementedException("Somebody apparently forgot to implement support for: " +
xXssProtectionConfig.Policy);
}
return(new HeaderResult(HeaderResult.ResponseAction.Set, HeaderConstants.XXssProtectionHeader, value));
}
public XXssMiddleware(AppFunc next, XXssProtectionOptions options)
: base(next)
{
_config = options;
var headerGenerator = new HeaderGenerator();
_headerResult = headerGenerator.CreateXXssProtectionResult(_config);
}
public XXssMiddleware(RequestDelegate next, XXssProtectionOptions options)
: base(next)
{
_config = options;
var headerGenerator = new HeaderGenerator();
_headerResult = headerGenerator.CreateXXssProtectionResult(_config);
}
internal void SetXXssProtectionOverride(HttpContext context, IXXssProtectionConfiguration xXssProtectionConfig)
{
var headerList = GetHeaderListFromContext(context);
var headerKey = HeaderConstants.XXssProtectionHeader;
if (headerList.ContainsKey(headerKey))
{
headerList.Remove(headerKey);
}
headerList.Add(headerKey, xXssProtectionConfig);
}
public HeaderResult CreateXXssProtectionResult(IXXssProtectionConfiguration xXssProtectionConfig,
IXXssProtectionConfiguration oldXXssProtectionConfig = null)
{
if (oldXXssProtectionConfig != null && oldXXssProtectionConfig.Policy != XXssPolicy.Disabled &&
xXssProtectionConfig.Policy == XXssPolicy.Disabled)
{
return new HeaderResult(HeaderResult.ResponseAction.Remove, HeaderConstants.XXssProtectionHeader);
}
string value;
switch (xXssProtectionConfig.Policy)
{
case XXssPolicy.Disabled:
return null;
case XXssPolicy.FilterDisabled:
value = "0";
break;
case XXssPolicy.FilterEnabled:
value = (xXssProtectionConfig.BlockMode ? "1; mode=block" : "1");
break;
default:
throw new NotImplementedException("Somebody apparently forgot to implement support for: " +
xXssProtectionConfig.Policy);
}
return new HeaderResult(HeaderResult.ResponseAction.Set, HeaderConstants.XXssProtectionHeader, value);
}
internal void SetXXssProtectionOverride(HttpContextBase context, IXXssProtectionConfiguration xXssProtectionConfig)
{
var headerList = GetHeaderListFromContext(context);
var headerKey = HeaderConstants.XXssProtectionHeader;
if (headerList.ContainsKey(headerKey))
headerList.Remove(headerKey);
headerList.Add(headerKey, xXssProtectionConfig);
}
internal void SetXXssProtectionOverride(IHttpContextWrapper context, IXXssProtectionConfiguration xXssProtectionConfig)
{
context.GetNWebsecOverrideContext().XXssProtection = xXssProtectionConfig;
}
