/// <summary>
        /// Builds the X-XSS-Protection header value that corresponds to <paramref name="options"/>.
        /// </summary>
        /// <remarks>
        /// X-XSS-Protection is a legacy header: the browser XSS filters it controlled have been
        /// removed from current browsers, and the filter was itself a source of vulnerabilities
        /// where it existed. Output encoding and a Content-Security-Policy are the effective
        /// controls; where this header is still sent, "0" is the value current guidance favours.
        /// </remarks>
        /// <param name="options">
        /// Settings to translate. Dereferenced without a null check, so the caller must pass a
        /// non-null instance.
        /// </param>
        /// <returns>
        /// "0" when the filter is disabled; otherwise "1", "1; mode=block" or
        /// "1; report=&lt;ReportUri&gt;" depending on <c>options.Mode</c>. Returns <c>null</c> when the
        /// filter is enabled and <c>Mode</c> is none of the three handled values.
        /// </returns>
        private string CreateHeaderValue(XssProtectionOptions options)
        {
            // Filter switched off: the header explicitly disables the browser filter.
            if (!options.FilterEnabled)
            {
                return "0";
            }

            switch (options.Mode)
            {
                case XssProtectionMode.None:
                    return "1";

                case XssProtectionMode.Block:
                    return "1; mode=block";

                case XssProtectionMode.Report:
                    // NOTE(review): ReportUri is interpolated as-is. A null or empty value yields
                    // "1; report=", and nothing here rejects control characters; confirm that the
                    // options builder validates it and that it only comes from trusted configuration.
                    return $"1; report={options.ReportUri}";

                default:
                    // NOTE(review): an unhandled Mode produces null rather than an error; how the
                    // middleware treats a null header value is not visible here.
                    return null;
            }
        }
        /// <summary>
        /// Registers <see cref="XssProtectionMiddleware"/> in the pipeline, configured with the
        /// default options, so that the X-XSS-Protection header is added.
        /// </summary>
        /// <remarks>
        /// The header value is whatever <c>XssProtectionOptionsBuilder.BuildDefault()</c> produces;
        /// that default is not visible here, so check it before relying on this overload.
        /// X-XSS-Protection is a legacy header that current browsers ignore. It does not replace
        /// output encoding or a Content-Security-Policy.
        /// </remarks>
        /// <param name="app">The <see cref="IApplicationBuilder"/> instance this method extends.</param>
        /// <returns>The result of <c>UseMiddleware</c>, allowing further pipeline calls to be chained.</returns>
        public static IApplicationBuilder UseXssProtection(this IApplicationBuilder app)
        {
            // The default configuration is built once and handed to the middleware constructor.
            XssProtectionOptions defaults = new XssProtectionOptionsBuilder().BuildDefault();

            return app.UseMiddleware<XssProtectionMiddleware>(defaults);
        }
        /// <summary>
        /// Creates the middleware and computes the header value once, at construction time.
        /// </summary>
        /// <param name="next">
        /// The next delegate in the pipeline. Stored as given.
        /// NOTE(review): not null-checked here; confirm callers always supply it.
        /// </param>
        /// <param name="options">Settings the header value is derived from; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        public XssProtectionMiddleware(RequestDelegate next, XssProtectionOptions options)
        {
            // Fail fast on a missing configuration instead of deferring the error to CreateHeaderValue.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            this.next = next;

            // The value is fixed here, so changes made to the options afterwards are not picked up.
            var computedValue = CreateHeaderValue(options);
            headerValue = computedValue;
        }
 /// <summary>
 /// Creates a builder that starts from a freshly constructed <see cref="XssProtectionOptions"/>.
 /// </summary>
 /// <remarks>
 /// The starting values are those set by the <see cref="XssProtectionOptions"/> constructor,
 /// which is not visible here. The constructor is internal, so builders are created only
 /// inside this assembly.
 /// </remarks>
 internal XssProtectionOptionsBuilder()
 {
     XssProtectionOptions initial = new XssProtectionOptions();
     options = initial;
 }