/// <summary>
/// Process an individual request.
/// </summary>
/// <param name="context">The context.</param>
/// <returns>The task object representing the asynchronous operation.</returns>
public async Task Invoke(HttpContext context)
{
if (IsCspReportRequest(context.Request))
{
ContentSecurityPolicyViolationReport report = null;
using (StreamReader requestBodyReader = new StreamReader(context.Request.Body))
{
using (JsonReader requestBodyJsonReader = new JsonTextReader(requestBodyReader))
{
JsonSerializer serializer = new JsonSerializer();
serializer.Converters.Add(new ContentSecurityPolicyViolationReportJsonConverter());
report = serializer.Deserialize <ContentSecurityPolicyViolationReport>(requestBodyJsonReader);
}
}
if (report != null)
{
ISecurityHeadersReportingService securityHeadersReportingService = context.RequestServices.GetRequiredService <ISecurityHeadersReportingService>();
await securityHeadersReportingService.OnContentSecurityPolicyViolationAsync(report);
}
context.Response.StatusCode = StatusCodes.Status204NoContent;
}
else
{
await _next(context);
}
}
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
ContentSecurityPolicyViolationReport value = null;
if (reader.TokenType == JsonToken.StartObject)
{
while ((value == null) && reader.Read() && (reader.TokenType != JsonToken.EndObject))
{
if ((reader.TokenType == JsonToken.PropertyName) && ((reader.Value as string) == "csp-report"))
{
if (reader.Read() && (reader.TokenType == JsonToken.StartObject))
{
value = new ContentSecurityPolicyViolationReport();
while (reader.Read() && (reader.TokenType != JsonToken.EndObject))
{
if ((reader.TokenType == JsonToken.PropertyName))
{
switch ((reader.Value as string))
{
case "document-uri":
value.DocumentUri = reader.ReadAsString();
break;
case "referrer":
value.Referrer = reader.ReadAsString();
break;
case "blocked-uri":
value.BlockedUri = reader.ReadAsString();
break;
case "effective-directive":
value.EffectiveDirective = reader.ReadAsString();
break;
case "violated-directive":
value.ViolatedDirective = reader.ReadAsString();
break;
case "original-policy":
value.Policy = reader.ReadAsString();
break;
case "disposition":
value.Disposition = (ContentSecurityPolicyDisposition)Enum.Parse(typeof(ContentSecurityPolicyDisposition), reader.ReadAsString(), true);
break;
case "status-code":
value.StatusCode = reader.ReadAsInt32() ?? 0;
break;
case "script-sample":
value.Sample = reader.ReadAsString();
break;
case "source-file":
value.SourceFile = reader.ReadAsString();
break;
case "line-number":
value.LineNumber = reader.ReadAsInt32();
break;
case "column-number":
value.ColumnNumber = reader.ReadAsInt32();
break;
default:
reader.Skip();
break;
}
}
}
}
}
else
{
reader.Skip();
}
}
}
return(value);
}
