/// <summary>
/// Registering <c>default-src</c> a second time must replace the earlier registration
/// rather than merge with it: the last write wins and the first one's sources disappear.
/// This matters for security because a later, stricter registration ('none') must not be
/// silently widened by an earlier, looser one ('self').
/// </summary>
public void Build_AddingTheSameDirectiveTwice_OverwritesThePreviousCopy()
{
    // Arrange: 'self' first, then an overriding 'none' on the very same directive.
    var cspBuilder = new CspBuilder();
    cspBuilder.AddDefaultSrc().Self();
    cspBuilder.AddDefaultSrc().None();

    // Act
    var header = cspBuilder.Build();

    // Assert: only the later registration is emitted.
    header.Should().Be("default-src 'none'");
}
/// <summary>
/// Builds a policy covering every directive the builder exposes and then adds a nonce on
/// <c>script-src</c>; the result must report <c>HasPerRequestValues == true</c>, because a
/// nonce must be freshly generated per response and the header therefore cannot be cached.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "WhenNotUsingNonce", but the body does call
/// <c>AddScriptSrc().WithNonce()</c> and expects <c>true</c>. The sibling test that really
/// omits the nonce expects <c>false</c>; this one should be read as the "when using nonce" case
/// and is probably worth renaming.
/// </remarks>
public void Build_ForAllHeaders_WhenNotUsingNonce_HasPerRequestValuesReturnsTrue()
{
    const string origin = "http://testUrl.com";

    // Arrange: one source list per directive, all static values.
    var cspBuilder = new CspBuilder();
    cspBuilder.AddDefaultSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddConnectSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFontSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddObjectSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFormAction().Self().Blob().Data().From(origin);
    cspBuilder.AddWorkerSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddImgSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddStyleSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddMediaSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFrameAncestors().Self().Blob().Data().From(origin);
    cspBuilder.AddBaseUri().Self().Blob().Data().From(origin);
    cspBuilder.AddUpgradeInsecureRequests();
    cspBuilder.AddBlockAllMixedContent();

    // The single per-request ingredient: a script nonce.
    cspBuilder.AddScriptSrc().WithNonce();

    // Act
    var policy = cspBuilder.Build();

    // Assert: the nonce makes the header request-specific.
    policy.HasPerRequestValues.Should().BeTrue();
}
/// <summary>
/// Adds a minimal baseline Content-Security-Policy to <paramref name="csp"/>:
/// <c>block-all-mixed-content</c>, <c>default-src 'self'</c>, <c>font-src 'self' data:</c>
/// and <c>style-src 'self' 'unsafe-inline'</c>, plus a <c>report-uri</c> directive when
/// <paramref name="reportUri"/> is non-blank.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// <list type="bullet">
/// <item><c>style-src</c> carries <c>'unsafe-inline'</c>, so injected inline CSS is not blocked by
/// this baseline; prefer a nonce or hash if the application can live without inline styles.</item>
/// <item>No <c>script-src</c> or <c>object-src</c> is set, so both fall back to
/// <c>default-src 'self'</c>. <c>base-uri</c> and <c>frame-ancestors</c> do not fall back to
/// <c>default-src</c> and are left unset here, so add them explicitly if you need
/// base-tag or framing protection.</item>
/// <item><paramref name="reportUri"/> is only checked for being blank and is otherwise forwarded to
/// <c>AddReportUri().To(...)</c> unchanged; supply a trusted configuration value, not
/// request-derived input.</item>
/// </list>
/// </remarks>
/// <param name="csp">The builder to extend; it is mutated in place.</param>
/// <param name="reportUri">Optional violation-report endpoint; null, empty or whitespace adds no directive.</param>
/// <returns>The same <paramref name="csp"/> instance, for chaining.</returns>
public static CspBuilder AddDefaultCsp(this CspBuilder csp, string reportUri)
{
    var hasReportEndpoint = !string.IsNullOrWhiteSpace(reportUri);
    if (hasReportEndpoint)
    {
        // A blank endpoint is skipped silently rather than producing an empty report-uri.
        csp.AddReportUri().To(reportUri);
    }

    // Directives are registered in the original order in case the builder emits them in insertion order.
    csp.AddBlockAllMixedContent();
    csp.AddDefaultSrc().Self();
    csp.AddFontSrc().Self().Data();
    csp.AddStyleSrc().Self().UnsafeInline(); // NOTE(review): weakens CSS-injection protection; see <remarks>.

    return csp;
}
/// <summary>
/// Several sources added to <c>default-src</c> are all emitted, space-separated, in the order
/// they were registered: the keyword <c>'self'</c>, the <c>blob:</c> and <c>data:</c> schemes,
/// and a host origin.
/// </summary>
public void Build_AddDefaultSrc_WhenAddsMultipleValue_ReturnsAllValues()
{
    // Arrange
    var cspBuilder = new CspBuilder();
    var defaultSrc = cspBuilder.AddDefaultSrc();
    defaultSrc.Self();
    defaultSrc.Blob();
    defaultSrc.Data();
    defaultSrc.From("http://testUrl.com");

    // Act
    var header = cspBuilder.Build();

    // Assert: every source is present and nothing is dropped or reordered.
    header.Should().Be("default-src 'self' blob: data: http://testUrl.com");
}
/// <summary>
/// Once <c>'none'</c> is added to a directive, every other source on that directive is
/// discarded and only <c>'none'</c> is emitted. This is the safe interpretation: per the CSP
/// grammar, <c>'none'</c> is only meaningful on its own, and emitting it alongside other
/// sources would leave the policy ambiguous.
/// </summary>
public void Build_AddDefaultSrc_WhenIncludesNone_OnlyWritesNone()
{
    // Arrange: a permissive source list followed by 'none'.
    var cspBuilder = new CspBuilder();
    var defaultSrc = cspBuilder.AddDefaultSrc();
    defaultSrc.Self();
    defaultSrc.Blob();
    defaultSrc.Data();
    defaultSrc.From("http://testUrl.com");
    defaultSrc.None();

    // Act
    var header = cspBuilder.Build();

    // Assert: 'none' wins over everything registered before it.
    header.Should().Be("default-src 'none'");
}
/// <summary>
/// Builds a policy with every directive populated from static values only, including a
/// <c>script-src</c> that uses keywords and a host origin but no nonce; the result must report
/// <c>HasPerRequestValues == false</c>, i.e. the header is identical for every request and may
/// be computed once.
/// </summary>
/// <remarks>
/// The <c>script-src</c> here deliberately combines <c>'unsafe-eval'</c>, <c>'unsafe-inline'</c>
/// and <c>'strict-dynamic'</c> purely to exercise the builder; that combination is not a
/// recommended production policy.
/// </remarks>
public void Build_ForAllHeaders_WhenNotUsingNonce_HasPerRequestValuesReturnsFalse()
{
    const string origin = "http://testUrl.com";

    // Arrange: static sources on every directive, no nonce anywhere.
    var cspBuilder = new CspBuilder();
    cspBuilder.AddDefaultSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddConnectSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFontSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddObjectSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFormAction().Self().Blob().Data().From(origin);
    cspBuilder.AddImgSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddScriptSrc().Self().UnsafeEval().UnsafeInline().StrictDynamic().ReportSample().From(origin);
    cspBuilder.AddStyleSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddMediaSrc().Self().Blob().Data().From(origin);
    cspBuilder.AddFrameAncestors().Self().Blob().Data().From(origin);
    cspBuilder.AddBaseUri().Self().Blob().Data().From(origin);
    cspBuilder.AddUpgradeInsecureRequests();
    cspBuilder.AddBlockAllMixedContent();

    // Act
    var policy = cspBuilder.Build();

    // Assert: nothing in the policy varies per request.
    policy.HasPerRequestValues.Should().BeFalse();
}