private string CreateHeaderValue(XssProtectionOptions options) { string result = null; if (options.FilterEnabled) { switch (options.Mode) { case XssProtectionMode.None: result = "1"; break; case XssProtectionMode.Block: result = "1; mode=block"; break; case XssProtectionMode.Report: result = $"1; report={options.ReportUri}"; break; } } else { result = "0"; } return(result); }
/// <summary> /// Adds middleware for using XSS, which adds the X-XSS-Protection header. /// </summary> /// <param name="app">The <see cref="IApplicationBuilder"/> instance this method extends.</param> public static IApplicationBuilder UseXssProtection(this IApplicationBuilder app) { XssProtectionOptionsBuilder optionsBuilder = new XssProtectionOptionsBuilder(); XssProtectionOptions options = optionsBuilder.BuildDefault(); return(app.UseMiddleware <XssProtectionMiddleware>(options)); }
public XssProtectionMiddleware(RequestDelegate next, XssProtectionOptions options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } this.next = next; headerValue = CreateHeaderValue(options); }
internal XssProtectionOptionsBuilder() { options = new XssProtectionOptions(); }