internal void SetContentRelatedHeadersFromConfig(HttpContextBase context)
 {
     var nwebsecContext = context.GetNWebsecContext();
     SetXXssProtectionHeader(context, nwebsecContext);
     SetCspHeaders(context, nwebsecContext, false);
     SetCspHeaders(context, nwebsecContext, true);
     SetNoCacheHeadersFromConfig(context, nwebsecContext);
 }
 private ICspConfiguration GetCspReportonlyConfiguration(HttpContextBase context)
 {
     var owinContext = context.GetNWebsecOwinContext();
     if (owinContext != null && owinContext.CspReportOnly != null)
     {
         return owinContext.CspReportOnly;
     }
     return context.GetNWebsecContext().CspReportOnly;
 }
 public IXXssProtectionConfiguration GetXXssProtectionConfiguration(HttpContextBase context)
 {
     var owinContext = context.GetNWebsecOwinContext();
     if (owinContext != null && owinContext.XXssProtection != null)
     {
         return owinContext.XXssProtection;
     }
     return context.GetNWebsecContext().XXssProtection;
 }
 public ISimpleBooleanConfiguration GetXDownloadOptionsConfiguration(HttpContextBase context)
 {
     var owinContext = context.GetNWebsecOwinContext();
     if (owinContext != null && owinContext.XDownloadOptions != null)
     {
         return owinContext.XDownloadOptions;
     }
     return context.GetNWebsecContext().XDownloadOptions;
 }
 public IXFrameOptionsConfiguration GetXFrameOptionsConfiguration(HttpContextBase context)
 {
     var owinContext = context.GetNWebsecOwinContext();
     if (owinContext != null && owinContext.XFrameOptions != null)
     {
         return owinContext.XFrameOptions;
     }
     return context.GetNWebsecContext().XFrameOptions;
 }
 public IXRobotsTagConfiguration GetXRobotsTagConfiguration(HttpContextBase context)
 {
     var owinContext = context.GetNWebsecOwinContext();
     if (owinContext != null && owinContext.XRobotsTag != null)
     {
         return owinContext.XRobotsTag;
     }
     return context.GetNWebsecContext().XRobotsTag;
 }
 internal void SetSitewideHeadersFromConfig(HttpContextBase context)
 {
     var nwebsecContext = context.GetNWebsecContext();
     SetHstsHeader(context.Response, context.Request.IsSecureConnection, _cspUpgradeRequestHelper.UaSupportsUpgradeInsecureRequests(context.Request));
     SetHpkpHeader(context.Response, context.Request.IsSecureConnection, false);
     SetHpkpHeader(context.Response, context.Request.IsSecureConnection, true);
     SetXRobotsTagHeader(context.Response, nwebsecContext);
     SetXFrameoptionsHeader(context.Response, nwebsecContext);
     SetXContentTypeOptionsHeader(context.Response, nwebsecContext);
     SetXDownloadOptionsHeader(context.Response, nwebsecContext);
 }
        public ICspConfiguration GetCspConfiguration(HttpContextBase context, bool reportOnly)
        {
            if (reportOnly)
            {
                return GetCspReportonlyConfiguration(context);
            }

            var owinContext = context.GetNWebsecOwinContext();
            if (owinContext != null && owinContext.Csp != null)
            {
                return owinContext.Csp;
            }
            return context.GetNWebsecContext().Csp;
        }
        public CspOverrideConfiguration GetCspConfigurationOverride(HttpContextBase httpContext, bool reportOnly, bool allowNull)
        {
            var context = httpContext.GetNWebsecOwinContext() ?? httpContext.GetNWebsecContext();
            var configOverride = GetConfigOverrides(context);

            if (allowNull)
            {
                return (reportOnly ? configOverride.CspReportOnlyOverride : configOverride.CspOverride) as CspOverrideConfiguration;
            }

            if (reportOnly)
            {
                if (configOverride.CspReportOnlyOverride == null)
                {
                    configOverride.CspReportOnlyOverride = new CspOverrideConfiguration();
                }
                return configOverride.CspReportOnlyOverride as CspOverrideConfiguration;
            }

            if (configOverride.CspOverride == null)
            {
                configOverride.CspOverride = new CspOverrideConfiguration();
            }
            return configOverride.CspOverride as CspOverrideConfiguration;
        }