/// <summary>
/// Initializes a new instance of the <see cref="ReferrerPolicyAttribute"/> class.
/// </summary>
/// <param name="policy">The referrer policy to configure; converted with <c>MapToCoreType()</c> before it is stored.</param>
public ReferrerPolicyAttribute(ReferrerPolicy policy)
{
    // Same construction as an object initializer, written out step by step.
    var referrerConfig = new ReferrerPolicyConfiguration();
    referrerConfig.Policy = policy.MapToCoreType();
    _config = referrerConfig;

    // Helpers that register the override and emit the resulting header.
    _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes the base attribute with an enabled CSP sandbox override
/// and the helpers used to apply it.
/// </summary>
protected CspSandboxAttributeBase()
{
    // The override starts out enabled.
    var sandboxOverride = new CspSandboxOverride();
    sandboxOverride.Enabled = true;
    _directive = sandboxOverride;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes the base attribute with an enabled mixed-content override
/// and the helpers used to apply it.
/// </summary>
/// <remarks>
/// NOTE(review): the CSP block-all-mixed-content directive is marked deprecated in
/// current CSP guidance in favour of upgrade-insecure-requests; confirm which one
/// the deployment should rely on.
/// </remarks>
protected CspBlockAllMixedContentAttributeBase()
{
    var mixedContentOverride = new CspMixedContentOverride();
    mixedContentOverride.Enabled = true;
    _directive = mixedContentOverride;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes the base attribute with an enabled CSP header configuration
/// and the helpers used to apply it.
/// </summary>
protected CspAttributeBase()
{
    // The CSP header is enabled by default when the attribute is applied.
    var headerConfig = new CspHeaderConfiguration();
    headerConfig.Enabled = true;
    _config = headerConfig;

    _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes the base attribute with an enabled report-uri directive configuration
/// and the helpers used to apply it.
/// </summary>
protected CspReportUriAttributeBase()
{
    var reportUriConfig = new CspReportUriDirectiveConfiguration();
    reportUriConfig.Enabled = true;
    _directive = reportUriConfig;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes a new instance of the <see cref="XXssProtectionAttribute"/> class.
/// The default configuration enables the filter policy with block mode on.
/// </summary>
/// <remarks>
/// NOTE(review): X-XSS-Protection addresses the legacy browser XSS filter, which current
/// major browsers have removed or never shipped. Treat this header as legacy hardening
/// and rely on a Content Security Policy as the effective control against script injection.
/// </remarks>
public XXssProtectionAttribute()
{
    var xssConfig = new XXssProtectionConfiguration();
    xssConfig.Policy = XXssPolicy.FilterEnabled;
    xssConfig.BlockMode = true;
    _config = xssConfig;

    _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes a new instance of the <see cref="XDownloadOptionsAttribute"/> class.
/// The header is enabled by default.
/// </summary>
public XDownloadOptionsAttribute()
{
    var downloadOptionsConfig = new SimpleBooleanConfiguration();
    downloadOptionsConfig.Enabled = true;
    _config = downloadOptionsConfig;

    _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes a new instance of the <see cref="XRobotsTagAttribute"/> class.
/// The header configuration is enabled by default.
/// </summary>
public XRobotsTagAttribute()
{
    var robotsConfig = new XRobotsTagConfiguration();
    robotsConfig.Enabled = true;
    _config = robotsConfig;

    _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
}
/// <summary>
/// Initializes a new instance of the <see cref="XFrameOptionsAttribute"/> class.
/// The default policy is <c>XfoPolicy.Deny</c>.
/// </summary>
/// <remarks>
/// NOTE(review): X-Frame-Options and the CSP frame-ancestors directive both restrict framing;
/// where a CSP is also deployed, keep the two consistent so they do not contradict each other.
/// </remarks>
public XFrameOptionsAttribute()
{
    // Deny is the most restrictive starting point for framing.
    var frameOptionsConfig = new XFrameOptionsConfiguration();
    frameOptionsConfig.Policy = XfoPolicy.Deny;
    _config = frameOptionsConfig;

    _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes a new instance of the <see cref="SetNoCacheHttpHeadersAttribute"/> class.
/// The configuration is enabled by default.
/// </summary>
public SetNoCacheHttpHeadersAttribute()
{
    var noCacheConfig = new SimpleBooleanConfiguration();
    noCacheConfig.Enabled = true;
    _config = noCacheConfig;

    _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes a new instance of the <see cref="XContentTypeOptionsAttribute"/> class.
/// The header is enabled by default.
/// </summary>
public XContentTypeOptionsAttribute()
{
    var contentTypeOptionsConfig = new SimpleBooleanConfiguration();
    contentTypeOptionsConfig.Enabled = true;
    _config = contentTypeOptionsConfig;

    _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes the base attribute with a directive override that is enabled and
/// has <c>InheritOtherSources</c> set, together with the helpers used to apply it.
/// </summary>
protected CspDirectiveAttributeBase()
{
    // NOTE(review): InheritOtherSources presumably keeps sources configured elsewhere
    // rather than replacing them; confirm against CspDirectiveOverride.
    var directiveOverride = new CspDirectiveOverride();
    directiveOverride.Enabled = true;
    directiveOverride.InheritOtherSources = true;
    DirectiveConfig = directiveOverride;

    _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
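/// <summary>
/// Initializes the base attribute with an enabled plugin-types override that has
/// <c>InheritMediaTypes</c> set, and stores any media types supplied by the caller.
/// </summary>
/// <param name="mediaTypes">
/// Media types for the plugin-types directive. When none are supplied (or the array is
/// <c>null</c>), the override's <c>MediaTypes</c> property is left untouched.
/// </param>
/// <remarks>
/// NOTE(review): plugin-types was dropped from CSP Level 3 and browser support has been
/// withdrawn; confirm the directive still has an effect in the browsers you target.
/// </remarks>
protected CspPluginTypesAttributeBase(params string[] mediaTypes)
{
    _directive = new CspPluginTypesOverride { Enabled = true, InheritMediaTypes = true };
    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();

    // A params array is null when the caller passes an explicit null argument;
    // guard against that instead of failing with a NullReferenceException.
    if (mediaTypes != null && mediaTypes.Length > 0)
    {
        _directive.MediaTypes = mediaTypes;
    }
}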
/// <summary>
/// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
/// </summary>
/// <param name="helper">The HTML helper of the view being rendered; its HTTP context carries the per-request nonce state.</param>
/// <returns>The nonce attribute produced by <c>CreateNonceAttribute</c>.</returns>
/// <remarks>
/// A nonce only protects the page when it is fresh for every response, so views that call
/// this helper should not be served from an output cache.
/// </remarks>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
    var httpContext = helper.ViewContext.HttpContext;
    var cspOverrides = new CspConfigurationOverrideHelper();
    var headerOverrides = new HeaderOverrideHelper();

    var styleNonce = cspOverrides.GetCspStyleNonce(httpContext);

    // The marker in context.Items means the headers were already refreshed for this request.
    if (context_IsMarked(httpContext.Items["NWebsecStyleNonceSet"]))
    {
        return CreateNonceAttribute(helper, styleNonce);
    }

    httpContext.Items["NWebsecStyleNonceSet"] = "set";

    // NOTE(review): the boolean presumably selects the report-only header variant;
    // confirm against HeaderOverrideHelper.SetCspHeaders.
    headerOverrides.SetCspHeaders(httpContext, false);
    headerOverrides.SetCspHeaders(httpContext, true);

    return CreateNonceAttribute(helper, styleNonce);

    // Local predicate: a non-null marker means the nonce was already registered.
    bool context_IsMarked(object marker)
    {
        return marker != null;
    }
}
/// <summary>
/// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
/// </summary>
/// <param name="helper">The HTML helper of the view being rendered; its HTTP context is wrapped and used for per-request nonce state.</param>
/// <returns>The nonce attribute produced by <c>CreateNonceAttribute</c>.</returns>
/// <remarks>
/// A nonce only protects the page when it is fresh for every response, so views that call
/// this helper should not be served from an output cache.
/// </remarks>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
    var wrappedContext = new HttpContextWrapper(helper.ViewContext.HttpContext);
    var cspOverrides = new CspConfigurationOverrideHelper();
    var headerOverrides = new HeaderOverrideHelper(new CspReportHelper());

    var styleNonce = cspOverrides.GetCspStyleNonce(wrappedContext);

    // Refresh the CSP headers only the first time a style nonce is requested in this request.
    var marker = wrappedContext.GetItem<string>("NWebsecStyleNonceSet");
    if (marker == null)
    {
        wrappedContext.SetItem("NWebsecStyleNonceSet", "set");

        // NOTE(review): the boolean presumably selects the report-only header variant;
        // confirm against HeaderOverrideHelper.SetCspHeaders.
        headerOverrides.SetCspHeaders(wrappedContext, false);
        headerOverrides.SetCspHeaders(wrappedContext, true);
    }

    return CreateNonceAttribute(helper, styleNonce);
}
/// <summary>
/// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag.
/// The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper">The HTML helper of the view being rendered.</param>
/// <param name="mediaType">The media type.</param>
/// <returns>A <c>type="..."</c> attribute whose value is the attribute-encoded media type.</returns>
public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
{
    // Validate before the value reaches either the CSP header or the markup.
    // NOTE(review): Validate presumably throws on a malformed media type; confirm.
    var validator = new Rfc2045MediaTypeValidator();
    validator.Validate(mediaType);

    var httpContext = helper.ViewContext.HttpContext;
    var cspOverrides = new CspConfigurationOverrideHelper();
    var headerOverrides = new HeaderOverrideHelper();

    var pluginTypesOverride = new CspPluginTypesOverride();
    pluginTypesOverride.Enabled = true;
    pluginTypesOverride.InheritMediaTypes = true;
    pluginTypesOverride.MediaTypes = new[] { mediaType };

    // NOTE(review): the boolean presumably selects the report-only variant; confirm
    // against the helper implementations.
    cspOverrides.SetCspPluginTypesOverride(httpContext, pluginTypesOverride, false);
    cspOverrides.SetCspPluginTypesOverride(httpContext, pluginTypesOverride, true);
    headerOverrides.SetCspHeaders(httpContext, false);
    headerOverrides.SetCspHeaders(httpContext, true);

    // The value lands inside a double-quoted attribute, so it is attribute-encoded
    // even though it has already been validated.
    var encodedMediaType = helper.AttributeEncode(mediaType);
    var markup = string.Format("type=\"{0}\"", encodedMediaType);
    return new HtmlString(markup);
}
/// <summary>
/// Creates strict mocks for every collaborator of <c>HeaderOverrideHelper</c> and builds
/// the instance under test from them.
/// </summary>
public void Setup()
{
    // Strict mocks fail on any call that was not explicitly set up.
    var strict = MockBehavior.Strict;

    _contextHelper = new Mock<IContextConfigurationHelper>(strict);
    _configurationOverrideHelper = new Mock<IHeaderConfigurationOverrideHelper>(strict);
    _headerGenerator = new Mock<IHeaderGenerator>(strict);

    // The result handler only accepts this exact header result, for any response object.
    _expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "ExpectedHeader", "ninjavalue");
    _headerResultHandler = new Mock<IHeaderResultHandler>(strict);
    _headerResultHandler.Setup(handler => handler.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult));

    _cspConfigurationOverrideHelper = new Mock<ICspConfigurationOverrideHelper>(strict);
    _reportHelper = new Mock<ICspReportHelper>(strict);

    _overrideHelper = new HeaderOverrideHelper(
        _contextHelper.Object,
        _configurationOverrideHelper.Object,
        _headerGenerator.Object,
        _headerResultHandler.Object,
        _cspConfigurationOverrideHelper.Object,
        _reportHelper.Object);

    // The HTTP context uses the default (non-strict) mock behaviour.
    var contextMock = new Mock<HttpContextBase>();
    _mockContext = contextMock.Object;
}
/// <summary>
/// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag.
/// The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper">The HTML helper of the view being rendered.</param>
/// <param name="mediaType">The media type.</param>
/// <returns>A <c>type="..."</c> attribute whose value is the encoded media type.</returns>
public static HtmlString CspMediaType(this IHtmlHelper<dynamic> helper, string mediaType)
{
    // Validate before the value reaches either the CSP header or the markup.
    // NOTE(review): Validate presumably throws on a malformed media type; confirm.
    var validator = new Rfc2045MediaTypeValidator();
    validator.Validate(mediaType);

    var httpContext = helper.ViewContext.HttpContext;
    var cspOverrides = new CspConfigurationOverrideHelper();
    var headerOverrides = new HeaderOverrideHelper();

    var pluginTypesOverride = new CspPluginTypesOverride();
    pluginTypesOverride.Enabled = true;
    pluginTypesOverride.InheritMediaTypes = true;
    pluginTypesOverride.MediaTypes = new[] { mediaType };

    // NOTE(review): the boolean presumably selects the report-only variant; confirm
    // against the helper implementations.
    cspOverrides.SetCspPluginTypesOverride(httpContext, pluginTypesOverride, false);
    cspOverrides.SetCspPluginTypesOverride(httpContext, pluginTypesOverride, true);
    headerOverrides.SetCspHeaders(httpContext, false);
    headerOverrides.SetCspHeaders(httpContext, true);

    // TODO have a look at the encoder.
    // NOTE(review): the value is written into a double-quoted attribute, so this depends on
    // helper.Encode escaping the double quote as well as markup characters; confirm for the
    // encoder in use before resolving the TODO.
    var markup = $"type=\"{helper.Encode(mediaType)}\"";
    return new HtmlString(markup);
}