/// <summary>
/// Builds the source expressions for this directive: the parts produced by the
/// base class, followed by the nonce source and the CSP keyword sources that
/// are switched on.
/// </summary>
/// <param name="nonceService">Per-request nonce provider; required when <c>AddNonce</c> is set.</param>
/// <returns>The collection returned by the base class, with the extra sources appended.</returns>
/// <exception cref="ArgumentNullException">
/// <c>AddNonce</c> is set but <paramref name="nonceService"/> is null.
/// </exception>
protected override ICollection<string> GetParts(ICspNonceService nonceService)
{
    ICollection<string> sources = base.GetParts(nonceService);

    if (AddNonce)
    {
        // Fail loudly instead of emitting a policy without the nonce the page markup relies on.
        if (nonceService == null)
        {
            throw new ArgumentNullException(
                nameof(nonceService),
                "Nonce service was not found, it needs to be added to the service collection");
        }

        string nonce = nonceService.GetNonce();
        sources.Add($"'nonce-{nonce}'");
    }

    // 'unsafe-eval' permits eval()-style string-to-code execution; keep it off unless a dependency needs it.
    if (AllowUnsafeEval)
    {
        sources.Add("'unsafe-eval'");
    }

    // Browsers that honour nonces (CSP Level 2+) ignore 'unsafe-inline' when a nonce source is
    // present, so combined with AddNonce it only acts as a fallback for older browsers.
    if (AllowUnsafeInline)
    {
        sources.Add("'unsafe-inline'");
    }

    // With 'strict-dynamic' (CSP Level 3) trust propagates from nonce'd scripts to the scripts
    // they load, and host/scheme allowlist entries in the same directive are ignored.
    if (StrictDynamic)
    {
        sources.Add("'strict-dynamic'");
    }

    return sources;
}
/// <summary>
/// Adds a <c>nonce</c> attribute to the rendered element when <c>AddNonce</c> is set.
/// </summary>
/// <param name="context">Tag helper execution context (not used here).</param>
/// <param name="output">Output element that receives the attribute.</param>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    if (!AddNonce)
    {
        return;
    }

    // The nonce service is created per request, so the value written here
    // is the same nonce that goes into the CSP header.
    var nonce = _nonceService.GetNonce();
    output.Attributes.Add("nonce", nonce);
}
/// <summary>
/// Sets a double-quoted <c>nonce</c> attribute on the rendered element when
/// <c>AddNonce</c> is set.
/// </summary>
/// <param name="context">Tag helper execution context (not used here).</param>
/// <param name="output">Output element that receives the attribute.</param>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    if (!AddNonce)
    {
        return;
    }

    // The nonce service is created per request, so the value written here
    // is the same nonce that goes into the CSP header.
    //
    // An earlier version called output.Attributes.Add("nonce", ...). With that call the
    // nonce was not reliably injected (possibly because the nonce contained characters
    // that are not URL friendly). Building the attribute explicitly with double quotes
    // and setting it injects the nonce every time.
    TagHelperAttribute nonceAttribute = new TagHelperAttribute(
        "nonce",
        _nonceService.GetNonce(),
        HtmlAttributeValueStyle.DoubleQuotes);

    // SetAttribute replaces an existing "nonce" attribute instead of appending a second one.
    output.Attributes.SetAttribute(nonceAttribute);
}
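/// <summary>
/// Builds the source expressions for this directive: the parts produced by the
/// base class, followed by the nonce source and <c>'unsafe-inline'</c> when enabled.
/// </summary>
/// <param name="nonceService">Per-request nonce provider; required when <c>AddNonce</c> is set.</param>
/// <returns>The collection returned by the base class, with the extra sources appended.</returns>
/// <exception cref="System.ArgumentNullException">
/// <c>AddNonce</c> is set but <paramref name="nonceService"/> is null.
/// </exception>
protected override ICollection<string> GetParts(ICspNonceService nonceService)
{
    ICollection<string> parts = base.GetParts(nonceService);

    if (AddNonce)
    {
        // Without this guard a missing nonce service surfaces as a NullReferenceException
        // with no hint about the cause. The exception type is fully qualified so the block
        // does not depend on a using directive.
        if (nonceService == null)
        {
            throw new System.ArgumentNullException(
                nameof(nonceService),
                "AddNonce is enabled but no nonce service was supplied.");
        }

        parts.Add($"'nonce-{nonceService.GetNonce()}'");
    }

    // Browsers that honour nonces (CSP Level 2+) ignore 'unsafe-inline' when a nonce source is
    // present, so combined with AddNonce it only acts as a fallback for older browsers.
    if (AllowUnsafeInline)
    {
        parts.Add("'unsafe-inline'");
    }

    return parts;
}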
/// <summary>
/// Adds the current nonce as an allowed source (<c>'nonce-...'</c>) of this directive,
/// so that inline elements carrying the matching nonce attribute are permitted.
/// </summary>
/// <param name="nonceService">Service that supplies the nonce value.</param>
/// <returns>This builder, to allow call chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="nonceService"/> is null.</exception>
public FetchDirectiveBuilder AllowNonce(ICspNonceService nonceService)
{
    if (nonceService == null)
    {
        throw new ArgumentNullException(nameof(nonceService));
    }

    // The nonce is read from the service at call time and stored in its quoted CSP source form.
    var nonceSource = $"'nonce-{nonceService.GetNonce()}'";

    // Skip the add when the same source was already registered, so it is not listed twice.
    bool alreadyAllowed = noncesAllowed.Contains(nonceSource);
    if (alreadyAllowed)
    {
        return this;
    }

    noncesAllowed.Add(nonceSource);
    return this;
}
/// <summary>
/// Renders the external reCAPTCHA script element and, unless jQuery validation is
/// switched off, appends an inline helper script after it.
/// </summary>
/// <param name="context">Tag helper execution context (not used here).</param>
/// <param name="output">Output that becomes the script element; the inline helper is written to its post-element content.</param>
public override void Process(TagHelperContext context, TagHelperOutput output)
{
    // Service disabled: clear the tag name so no start or end tag is rendered.
    if (!_service.Enabled)
    {
        output.TagName = null;
        return;
    }

    // Prefer the UI culture negotiated for this request; fall back to the configured language code.
    var cultureFeature = _contextAccessor.HttpContext.Features.Get<IRequestCultureFeature>();
    var languageCode = cultureFeature?.RequestCulture?.UICulture?.Name ?? _service.LanguageCode;

    // NOTE(review): the language is appended as-is with a leading '?', which presumably assumes
    // the configured URL has no query string of its own and that culture names need no
    // URL encoding - confirm.
    var scriptSource = _service.JavaScriptUrl;
    bool hasLanguage = !string.IsNullOrEmpty(languageCode);
    if (hasLanguage)
    {
        scriptSource = $"{scriptSource}?hl={languageCode}";
    }

    output.TagName = "script";
    output.TagMode = TagMode.StartTagAndEndTag;
    output.Attributes.Add("src", scriptSource);
    output.Attributes.Add("async", string.Empty);
    output.Attributes.Add("defer", string.Empty);

    // The inline helper is emitted unless JqueryValidation is explicitly false (null counts as enabled).
    if (JqueryValidation == false)
    {
        return;
    }

    var inlineScript = new TagBuilder("script");

    // NOTE(review): only this inline script receives the CSP nonce; the external script element
    // above is rendered without one, so a nonce-only script-src policy has to allow it some
    // other way - confirm against the deployed policy.
    if (!(_nonceService is null))
    {
        inlineScript.Attributes.Add("nonce", _nonceService.GetNonce());
    }

    inlineScript.TagRenderMode = TagRenderMode.Normal;

    // NOTE(review): AppendHtml writes the formatted snippet without encoding, so the element id
    // and validation message end up verbatim inside the script body; they should only ever
    // come from trusted configuration - confirm.
    var snippet = string.Format(
        _scriptSnippet,
        RecaptchaTagHelper.RecaptchaValidationJSCallBack,
        ValidationMessageElementId,
        _service.ValidationMessage);
    inlineScript.InnerHtml.AppendHtml(snippet);

    output.PostElement.AppendHtml(inlineScript);
}