/// <summary> /// Builds the HTTP header value /// </summary> /// <returns>A string representing the HTTP header value</returns> public string BuildHeaderValue() { var stringBuilder = new StringBuilder(); switch (OptionValue) { case XFrameOptions.deny: stringBuilder.Append("deny"); break; case XFrameOptions.sameorigin: stringBuilder.Append("sameorigin"); break; case XFrameOptions.allowfrom: if (string.IsNullOrWhiteSpace(AllowFromDomain)) { ArgumentExceptionHelper.RaiseException(nameof(AllowFromDomain)); } stringBuilder.Append("allow-from: "); stringBuilder.Append(AllowFromDomain); break; } return(stringBuilder.ToString()); }
/// <summary> /// Builds the HTTP header value /// </summary> /// <returns>A string representing the HTTP header value</returns> public string BuildHeaderValue() { var stringBuilder = new StringBuilder(); switch (XssSetting) { case XssMode.zero: stringBuilder.Append(0); break; case XssMode.one: stringBuilder.Append(1); break; case XssMode.oneBlock: stringBuilder.Append("1; mode=block"); break; case XssMode.oneReport: if (string.IsNullOrWhiteSpace(ReportUri)) { ArgumentExceptionHelper.RaiseException(nameof(ReportUri)); } stringBuilder.Append("1; report="); stringBuilder.Append(ReportUri); break; } return(stringBuilder.ToString()); }
public string BuildHeaderValue() { switch (xPermittedCrossDomainOptionValue) { case XPermittedCrossDomainOptionValue.none: return("none;"); case XPermittedCrossDomainOptionValue.masterOnly: return("master-only;"); case XPermittedCrossDomainOptionValue.byContentType: return("by-content-type;"); case XPermittedCrossDomainOptionValue.byFtpFileType: return("by-ftp-file-type;"); case XPermittedCrossDomainOptionValue.all: return("all;"); default: ArgumentExceptionHelper.RaiseException(nameof(xPermittedCrossDomainOptionValue)); break; } return(";"); }
/// <summary> /// Builds the HTTP header value /// </summary> /// <returns>A string representing the HTTP header value</returns> public string BuildHeaderValue() { var stringBuilder = new StringBuilder(); switch (OptionValue) { case XFrameOptions.Deny: stringBuilder.Append("DENY"); break; case XFrameOptions.Sameorigin: stringBuilder.Append("SAMEORIGIN"); break; case XFrameOptions.Allowfrom: if (string.IsNullOrWhiteSpace(AllowFromDomain)) { ArgumentExceptionHelper.RaiseException(nameof(AllowFromDomain)); } stringBuilder.Append($"ALLOW-FROM({AllowFromDomain})"); break; case XFrameOptions.AllowAll: stringBuilder.Append("ALLOWALL"); break; } return(stringBuilder.ToString()); }
public string BuildHeaderValue() { switch (ReferrerPolicyOption) { case ReferrerPolicyOptions.noReferrer: return("no-referrer"); case ReferrerPolicyOptions.noReferrerWhenDowngrade: return("no-referrer-when-downgrade"); case ReferrerPolicyOptions.origin: return("origin"); case ReferrerPolicyOptions.originWhenCrossOrigin: return("origin-when-cross-origin"); case ReferrerPolicyOptions.sameOrigin: return("same-origin"); case ReferrerPolicyOptions.strictOrigin: return("strict-origin"); case ReferrerPolicyOptions.strictWhenCrossOrigin: return("strict-origin-when-cross-origin"); case ReferrerPolicyOptions.unsafeUrl: return("unsafe-url"); default: ArgumentExceptionHelper.RaiseException(nameof(ReferrerPolicyOption)); break; } return(";"); }
public string BuildHeaderValue() { if (string.IsNullOrWhiteSpace(OptionValue)) { ArgumentExceptionHelper.RaiseException(nameof(OptionValue)); } return(OptionValue); }
public new string BuildHeaderValue() { if (string.IsNullOrWhiteSpace(ReportUri)) { // We cannot have an empty ReportUri in a Report-Uri only CSP // Whilst this doesn't break the spec, as it states: // "The CSP report-uri directive should be used with this header, // otherwise this header will be an expensive no-op machine" // the decision has been taken to raise an exception here when // an empty one has been supplied. // This decision was taken to ensure that the Report-Uri will // actually be called - otherwise this response header is useless ArgumentExceptionHelper.RaiseException(nameof(ReportUri)); } return(base.BuildHeaderValue()); }
public static SecureHeadersMiddlewareConfiguration UseContentSecurityPolicyReportOnly (this SecureHeadersMiddlewareConfiguration config, string reportUri, string pluginTypes = null, bool blockAllMixedContent = true, bool upgradeInsecureRequests = true, string referrer = null, bool useXContentSecurityPolicy = false) { // Check whether the URI is valid before continuing if (!reportUri.IsValidHttpsUri()) { ArgumentExceptionHelper.RaiseException(nameof(reportUri)); } config.UseContentSecurityPolicyReportOnly = true; config.UseXContentSecurityPolicy = useXContentSecurityPolicy; config.ContentSecurityPolicyReportOnlyConfiguration = new ContentSecurityPolicyReportOnlyConfiguration (pluginTypes, blockAllMixedContent, upgradeInsecureRequests, referrer, reportUri); return(config); }
/// <summary> /// Used to set the Content Security Policy URIs for a given <see cref="CspUriType"/> /// </summary> public static ContentSecurityPolicyConfiguration SetCspUri (this ContentSecurityPolicyConfiguration @this, List <ContentSecurityPolicyElement> uris, CspUriType uriType) { switch (uriType) { case CspUriType.Base: @this.BaseUri = uris; break; case CspUriType.DefaultUri: @this.DefaultSrc = uris; break; case CspUriType.Script: @this.ScriptSrc = uris; break; case CspUriType.Object: @this.ObjectSrc = uris; break; case CspUriType.Style: @this.StyleSrc = uris; break; case CspUriType.Img: @this.ImgSrc = uris; break; case CspUriType.Media: @this.MediaSrc = uris; break; case CspUriType.Frame: @this.FrameSrc = uris; break; case CspUriType.Child: @this.ChildSrc = uris; break; case CspUriType.FrameAncestors: @this.FrameAncestors = uris; break; case CspUriType.Font: @this.FontSrc = uris; break; case CspUriType.Connect: @this.ConnectSrc = uris; break; case CspUriType.Manifest: @this.ManifestSrc = uris; break; case CspUriType.Form: @this.FormAction = uris; break; default: ArgumentExceptionHelper.RaiseException(nameof(CspUriType)); break; } return(@this); }