internal void SetReferrerPolicyHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext) { nwebsecContext.ReferrerPolicy = WebConfig.SecurityHttpHeaders.ReferrerPolicy; var result = _headerGenerator.CreateReferrerPolicyResult(WebConfig.SecurityHttpHeaders.ReferrerPolicy); _headerResultHandler.HandleHeaderResult(httpContext, result); }
internal void SetXRobotsTagHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext) { nwebsecContext.XRobotsTag = WebConfig.XRobotsTag; var result = _headerGenerator.CreateXRobotsTagResult(WebConfig.XRobotsTag); _headerResultHandler.HandleHeaderResult(httpContext, result); }
internal void SetXDownloadOptionsHeader(IHttpContextWrapper httpContext, NWebsecContext nwebsecContext) { nwebsecContext.XDownloadOptions = WebConfig.SecurityHttpHeaders.XDownloadOptions; var result = _headerGenerator.CreateXDownloadOptionsResult(WebConfig.SecurityHttpHeaders.XDownloadOptions); _headerResultHandler.HandleHeaderResult(httpContext, result); }
internal void SetXDownloadOptionsHeader(HttpResponseBase response, NWebsecContext nwebsecContext) { nwebsecContext.XDownloadOptions = WebConfig.SecurityHttpHeaders.XDownloadOptions; var result = _headerGenerator.CreateXDownloadOptionsResult(WebConfig.SecurityHttpHeaders.XDownloadOptions); _headerResultHandler.HandleHeaderResult(response, result); }
internal void SetXRobotsTagHeader(HttpResponseBase response, NWebsecContext nwebsecContext) { nwebsecContext.XRobotsTag = WebConfig.XRobotsTag; var result = _headerGenerator.CreateXRobotsTagResult(WebConfig.XRobotsTag); _headerResultHandler.HandleHeaderResult(response, result); }
public ConfigurationHeaderSetterTests() { _mockRequest = new Mock <HttpRequestBase>(); _mockRequest.Setup(r => r.UserAgent).Returns("Ninja CSP browser"); var mockResponse = new Mock <HttpResponseBase>(); mockResponse.Setup(r => r.Headers).Returns(new NameValueCollection()); var mockedContext = new Mock <HttpContextBase>(); mockedContext.SetupAllProperties(); mockedContext.Setup(c => c.Request).Returns(_mockRequest.Object); mockedContext.Setup(c => c.Response).Returns(mockResponse.Object); _expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "SomeHeader", "SomeValue"); _mockHeaderGenerator = new Mock <IHeaderGenerator>(MockBehavior.Strict); _mockHeaderResultHandler = new Mock <IHeaderResultHandler>(MockBehavior.Strict); _mockHeaderResultHandler.Setup(h => h.HandleHeaderResult(It.IsAny <IHttpContextWrapper>(), _expectedHeaderResult)); _mockHandlerHelper = new Mock <IHandlerTypeHelper>(); _mockCspReportHelper = new Mock <ICspReportHelper>(MockBehavior.Strict); var mockContextBase = mockedContext.Object; _httpContext = new Mock <IHttpContextWrapper>().Object; Mock.Get(_httpContext).Setup(ctx => ctx.GetOriginalHttpContext <HttpContextBase>()).Returns(mockContextBase); _config = new HttpHeaderSecurityConfigurationSection(); _configHeaderSetter = new ConfigurationHeaderSetter(_config, _mockHeaderGenerator.Object, _mockHeaderResultHandler.Object, _mockHandlerHelper.Object, _mockCspReportHelper.Object); _nwebsecContext = new NWebsecContext(); }
private ConfigurationOverrides GetConfigOverrides(NWebsecContext context) { if (context.ConfigOverrides == null) { context.ConfigOverrides = new ConfigurationOverrides(); } return(context.ConfigOverrides); }
public ContextConfigurationHelperTests() { _systemWebContext = new NWebsecContext(); _owinContext = new NWebsecContext(); _mockContext = new Mock <IHttpContextWrapper>().Object; Mock.Get(_mockContext).Setup(c => c.GetNWebsecContext()).Returns(_systemWebContext); _contextHelper = new ContextConfigurationHelper(); }
internal void SetNoCacheHeadersFromConfig(IHttpContextWrapper context, NWebsecContext nwebsecContext) { if (!WebConfig.NoCacheHttpHeaders.Enabled || _handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context)) { return; } nwebsecContext.NoCacheHeaders = WebConfig.NoCacheHttpHeaders; context.SetNoCacheHeaders(); }
public ContextConfigurationHelperTests() { _nwContext = new NWebsecContext(); var mockContext = new Mock <HttpContext>(); mockContext.Setup(c => c.Items["nwebsec.Context"]).Returns(_nwContext); _mockContext = mockContext.Object; _contextHelper = new ContextConfigurationHelper(); }
public void GetNWebsecOwinContext_HasContext_ReturnsContext() { var owinContext = new NWebsecContext(); var owinEnv = new Dictionary <string, object>(); owinEnv[NWebsecContext.ContextKey] = owinContext; _mockContext.Items["owin.Environment"] = owinEnv; var result = _mockContext.GetNWebsecOwinContext(); Assert.Same(owinContext, result); }
public void Setup() { _systemWebContext = new NWebsecContext(); _owinContext = new NWebsecContext(); var mockContext = new Mock <HttpContextBase>(); mockContext.Setup(c => c.Items["nwebsec.Context"]).Returns(_systemWebContext); _mockContext = mockContext.Object; _contextHelper = new ContextConfigurationHelper(); }
internal void SetXXssProtectionHeader(IHttpContextWrapper context, NWebsecContext nwebsecContext) { if (_handlerHelper.IsUnmanagedHandler(context) || _handlerHelper.IsStaticContentHandler(context)) { return; } nwebsecContext.XXssProtection = WebConfig.SecurityHttpHeaders.XXssProtection; var result = _headerGenerator.CreateXXssProtectionResult(WebConfig.SecurityHttpHeaders.XXssProtection); _headerResultHandler.HandleHeaderResult(context, result); }
public void GetNWebsecOwinContext_HasContext_ReturnsContext() { var owinContext = new NWebsecContext(); var owinEnv = new Dictionary <string, object> { [NWebsecContext.ContextKey] = owinContext }; _httpContextBase.Items["owin.Environment"] = owinEnv; var result = _contextWrapper.GetNWebsecOwinContext(); Assert.Same(owinContext, result); }
internal void SetCspHeaders(IHttpContextWrapper context, NWebsecContext nwebsecContext, bool reportOnly) { if (_handlerHelper.IsStaticContentHandler(context) || _handlerHelper.IsUnmanagedHandler(context)) { return; } ICspConfiguration cspConfig; if (reportOnly) { cspConfig = nwebsecContext.CspReportOnly = WebConfig.SecurityHttpHeaders.CspReportOnly; } else { cspConfig = nwebsecContext.Csp = WebConfig.SecurityHttpHeaders.Csp; } var result = _headerGenerator.CreateCspResult(cspConfig, reportOnly, _reportHelper.GetBuiltInCspReportHandlerRelativeUri()); _headerResultHandler.HandleHeaderResult(context, result); }
private ConfigurationOverrides GetConfigOverrides(NWebsecContext context) { return(context.ConfigOverrides ?? (context.ConfigOverrides = new ConfigurationOverrides())); }