Esempio n. 1
0
 /// <summary>
 /// Initializes a new instance of the <see cref="ReferrerPolicyAttribute"/> class
 /// </summary>
 public ReferrerPolicyAttribute(ReferrerPolicy policy)
 {
     _config = new ReferrerPolicyConfiguration {
         Policy = policy.MapToCoreType()
     };
     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 2
0
 protected CspSandboxAttributeBase()
 {
     _directive = new CspSandboxOverride {
         Enabled = true
     };
     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper();
 }
Esempio n. 3
0
 protected CspBlockAllMixedContentAttributeBase()
 {
     _directive = new CspMixedContentOverride {
         Enabled = true
     };
     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 4
0
 protected CspAttributeBase()
 {
     _config = new CspHeaderConfiguration {
         Enabled = true
     };
     _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
 protected CspReportUriAttributeBase()
 {
     _directive = new CspReportUriDirectiveConfiguration {
         Enabled = true
     };
     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 6
0
 /// <summary>
 /// Initializes a new instance of the <see cref="XXssProtectionAttribute"/> class
 /// </summary>
 public XXssProtectionAttribute()
 {
     _config = new XXssProtectionConfiguration {
         Policy = XXssPolicy.FilterEnabled, BlockMode = true
     };
     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 7
0
 /// <summary>
 /// Initializes a new instance of the <see cref="XDownloadOptionsAttribute"/> class
 /// </summary>
 public XDownloadOptionsAttribute()
 {
     _config = new SimpleBooleanConfiguration {
         Enabled = true
     };
     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 8
0
 /// <summary>
 /// Initializes a new instance of the <see cref="XRobotsTagAttribute"/> class
 /// </summary>
 public XRobotsTagAttribute()
 {
     _config = new XRobotsTagConfiguration {
         Enabled = true
     };
     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
Esempio n. 9
0
 /// <summary>
 /// Initializes a new instance of the <see cref="XFrameOptionsAttribute"/> class
 /// </summary>
 public XFrameOptionsAttribute()
 {
     _config = new XFrameOptionsConfiguration {
         Policy = XfoPolicy.Deny
     };
     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper();
 }
Esempio n. 10
0
 /// <summary>
 /// Initializes a new instance of the <see cref="SetNoCacheHttpHeadersAttribute"/> class
 /// </summary>
 public SetNoCacheHttpHeadersAttribute()
 {
     _config = new SimpleBooleanConfiguration {
         Enabled = true
     };
     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper        = new HeaderOverrideHelper();
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="XContentTypeOptionsAttribute"/> class
 /// </summary>
 public XContentTypeOptionsAttribute()
 {
     _config = new SimpleBooleanConfiguration {
         Enabled = true
     };
     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
Esempio n. 12
0
 protected CspDirectiveAttributeBase()
 {
     DirectiveConfig = new CspDirectiveOverride()
     {
         Enabled             = true,
         InheritOtherSources = true
     };
     _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
        protected CspPluginTypesAttributeBase(params string[] mediaTypes)
        {
            _directive = new CspPluginTypesOverride {
                Enabled = true, InheritMediaTypes = true
            };
            _configurationOverrideHelper = new CspConfigurationOverrideHelper();
            _headerOverrideHelper        = new HeaderOverrideHelper();

            if (mediaTypes.Length > 0)
            {
                _directive.MediaTypes = mediaTypes;
            }
        }
Esempio n. 14
0
        /// <summary>
        /// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
        /// </summary>
        /// <param name="helper"></param>
        public static IHtmlString CspStyleNonce(this HtmlHelper helper)
        {
            var context = helper.ViewContext.HttpContext;
            var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
            var headerOverrideHelper           = new HeaderOverrideHelper();

            var nonce = cspConfigurationOverrideHelper.GetCspStyleNonce(context);

            if (context.Items["NWebsecStyleNonceSet"] == null)
            {
                context.Items["NWebsecStyleNonceSet"] = "set";
                headerOverrideHelper.SetCspHeaders(context, false);
                headerOverrideHelper.SetCspHeaders(context, true);
            }

            return(CreateNonceAttribute(helper, nonce));
        }
Esempio n. 15
0
        /// <summary>
        /// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
        /// </summary>
        /// <param name="helper"></param>
        public static IHtmlString CspStyleNonce(this HtmlHelper helper)
        {
            var context = new HttpContextWrapper(helper.ViewContext.HttpContext);
            var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
            var headerOverrideHelper           = new HeaderOverrideHelper(new CspReportHelper());

            var nonce = cspConfigurationOverrideHelper.GetCspStyleNonce(context);

            if (context.GetItem <string>("NWebsecStyleNonceSet") == null)
            {
                context.SetItem("NWebsecStyleNonceSet", "set");
                headerOverrideHelper.SetCspHeaders(context, false);
                headerOverrideHelper.SetCspHeaders(context, true);
            }

            return(CreateNonceAttribute(helper, nonce));
        }
Esempio n. 16
0
        /// <summary>
        /// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag. The media type will be included in the CSP plugin-types directive.
        /// </summary>
        /// <param name="helper"></param>
        /// <param name="mediaType">The media type.</param>
        public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
        {
            new Rfc2045MediaTypeValidator().Validate(mediaType);

            var context = helper.ViewContext.HttpContext;
            var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
            var headerOverrideHelper           = new HeaderOverrideHelper();

            var configOverride = new CspPluginTypesOverride()
            {
                Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
            };

            cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
            cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);

            headerOverrideHelper.SetCspHeaders(context, false);
            headerOverrideHelper.SetCspHeaders(context, true);
            var attribute = string.Format("type=\"{0}\"", helper.AttributeEncode(mediaType));

            return(new HtmlString(attribute));
        }
        public void Setup()
        {
            _contextHelper = new Mock <IContextConfigurationHelper>(MockBehavior.Strict);
            _configurationOverrideHelper = new Mock <IHeaderConfigurationOverrideHelper>(MockBehavior.Strict);
            _headerGenerator             = new Mock <IHeaderGenerator>(MockBehavior.Strict);

            _expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "ExpectedHeader", "ninjavalue");
            _headerResultHandler  = new Mock <IHeaderResultHandler>(MockBehavior.Strict);
            _headerResultHandler.Setup(h => h.HandleHeaderResult(It.IsAny <HttpResponseBase>(), _expectedHeaderResult));

            _cspConfigurationOverrideHelper = new Mock <ICspConfigurationOverrideHelper>(MockBehavior.Strict);
            _reportHelper = new Mock <ICspReportHelper>(MockBehavior.Strict);

            _overrideHelper = new HeaderOverrideHelper(_contextHelper.Object,
                                                       _configurationOverrideHelper.Object,
                                                       _headerGenerator.Object,
                                                       _headerResultHandler.Object,
                                                       _cspConfigurationOverrideHelper.Object,
                                                       _reportHelper.Object);

            _mockContext = new Mock <HttpContextBase>().Object;
        }
Esempio n. 18
0
        /// <summary>
        /// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag. The media type will be included in the CSP plugin-types directive.
        /// </summary>
        /// <param name="helper"></param>
        /// <param name="mediaType">The media type.</param>
        public static HtmlString CspMediaType(this IHtmlHelper <dynamic> helper, string mediaType)
        {
            new Rfc2045MediaTypeValidator().Validate(mediaType);

            var context = helper.ViewContext.HttpContext;
            var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
            var headerOverrideHelper           = new HeaderOverrideHelper();

            var configOverride = new CspPluginTypesOverride()
            {
                Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
            };

            cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
            cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);

            headerOverrideHelper.SetCspHeaders(context, false);
            headerOverrideHelper.SetCspHeaders(context, true);

            //TODO have a look at the encoder.
            var attribute = $"type=\"{helper.Encode(mediaType)}\"";

            return(new HtmlString(attribute));
        }