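/// <summary>
/// Process an individual request.
/// </summary>
/// <param name="context">The context.</param>
/// <returns>The task object representing the asynchronous operation.</returns>
/// <remarks>
/// Only requests recognised by <see cref="IsCspReportRequest"/> are handled here; every other request is
/// handed to the next middleware. The report body is an unauthenticated browser POST, so a body that is not
/// valid JSON (or fails the converter's checks) is answered with 400 instead of surfacing as an unhandled
/// exception. An accepted report is forwarded to <see cref="ISecurityHeadersReportingService"/> and
/// acknowledged with 204.
/// </remarks>
public async Task Invoke(HttpContext context)
{
    if (!IsCspReportRequest(context.Request))
    {
        await _next(context);
        return;
    }

    ContentSecurityPolicyViolationReport report;
    try
    {
        report = ReadViolationReport(context.Request.Body);
    }
    catch (JsonException)
    {
        // Malformed report from a remote client is a client error, not a server failure;
        // letting it propagate would turn attacker-controlled input into 500s and noisy error logs.
        context.Response.StatusCode = StatusCodes.Status400BadRequest;
        return;
    }

    // The converter returns null when the body has no "csp-report" object; nothing to report then.
    if (report != null)
    {
        ISecurityHeadersReportingService securityHeadersReportingService =
            context.RequestServices.GetRequiredService<ISecurityHeadersReportingService>();
        await securityHeadersReportingService.OnContentSecurityPolicyViolationAsync(report);
    }

    // Browsers ignore the response to a report POST; 204 acknowledges receipt with no body.
    context.Response.StatusCode = StatusCodes.Status204NoContent;
}

/// <summary>
/// Deserialises a CSP violation report from a request body using
/// <see cref="ContentSecurityPolicyViolationReportJsonConverter"/>.
/// </summary>
/// <param name="body">The raw request body stream.</param>
/// <returns>The parsed report, or null when the body holds no "csp-report" object.</returns>
/// <exception cref="JsonException">The body is not well-formed JSON or a member has the wrong type.</exception>
private static ContentSecurityPolicyViolationReport ReadViolationReport(Stream body)
{
    using (StreamReader bodyReader = new StreamReader(body))
    using (JsonReader bodyJsonReader = new JsonTextReader(bodyReader))
    {
        JsonSerializer serializer = new JsonSerializer();
        serializer.Converters.Add(new ContentSecurityPolicyViolationReportJsonConverter());
        return serializer.Deserialize<ContentSecurityPolicyViolationReport>(bodyJsonReader);
    }
}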
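/// <summary>
/// Reads the "csp-report" wrapper object sent by browsers and maps its members onto a
/// <see cref="ContentSecurityPolicyViolationReport"/>.
/// </summary>
/// <param name="reader">The JSON reader, positioned on the start of the outer object.</param>
/// <param name="objectType">Type of the object being deserialised (not used; always the report type).</param>
/// <param name="existingValue">The existing value (not used).</param>
/// <param name="serializer">The calling serializer (not used).</param>
/// <returns>
/// The populated report, or null when the reader is not on an object or the object has no "csp-report" member.
/// </returns>
/// <exception cref="JsonSerializationException">
/// "disposition" is null or not a recognised member name; previously this surfaced as an
/// <see cref="ArgumentException"/> from <see cref="Enum.Parse(Type, string, bool)"/>, which callers
/// handling JSON errors would not catch.
/// </exception>
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer)
{
    if (reader.TokenType != JsonToken.StartObject)
    {
        return null;
    }

    ContentSecurityPolicyViolationReport value = null;

    // Scan the outer object for "csp-report"; any other top-level member is skipped.
    // The scan stops as soon as the report has been read.
    while ((value == null) && reader.Read() && (reader.TokenType != JsonToken.EndObject))
    {
        if ((reader.TokenType == JsonToken.PropertyName) && ((reader.Value as string) == "csp-report"))
        {
            if (reader.Read() && (reader.TokenType == JsonToken.StartObject))
            {
                value = ReadReportBody(reader);
            }
        }
        else
        {
            reader.Skip();
        }
    }

    return value;
}

/// <summary>
/// Reads the members of the "csp-report" object. The reader must be on its start token; on return it is on
/// the matching end token. Unknown members (and their nested values) are skipped.
/// </summary>
private static ContentSecurityPolicyViolationReport ReadReportBody(JsonReader reader)
{
    ContentSecurityPolicyViolationReport report = new ContentSecurityPolicyViolationReport();

    while (reader.Read() && (reader.TokenType != JsonToken.EndObject))
    {
        if (reader.TokenType != JsonToken.PropertyName)
        {
            continue;
        }

        switch (reader.Value as string)
        {
            case "document-uri":
                report.DocumentUri = reader.ReadAsString();
                break;
            case "referrer":
                report.Referrer = reader.ReadAsString();
                break;
            case "blocked-uri":
                report.BlockedUri = reader.ReadAsString();
                break;
            case "effective-directive":
                report.EffectiveDirective = reader.ReadAsString();
                break;
            case "violated-directive":
                report.ViolatedDirective = reader.ReadAsString();
                break;
            case "original-policy":
                report.Policy = reader.ReadAsString();
                break;
            case "disposition":
                report.Disposition = ReadDisposition(reader);
                break;
            case "status-code":
                // A missing or null status code is recorded as 0.
                report.StatusCode = reader.ReadAsInt32() ?? 0;
                break;
            case "script-sample":
                report.Sample = reader.ReadAsString();
                break;
            case "source-file":
                report.SourceFile = reader.ReadAsString();
                break;
            case "line-number":
                report.LineNumber = reader.ReadAsInt32();
                break;
            case "column-number":
                report.ColumnNumber = reader.ReadAsInt32();
                break;
            default:
                // Skip() on a property name consumes its value, including a nested object or array.
                reader.Skip();
                break;
        }
    }

    return report;
}

/// <summary>
/// Reads the "disposition" value as a <see cref="ContentSecurityPolicyDisposition"/> (case-insensitive).
/// </summary>
/// <exception cref="JsonSerializationException">The value is null or not a defined member name.</exception>
private static ContentSecurityPolicyDisposition ReadDisposition(JsonReader reader)
{
    string raw = reader.ReadAsString();
    ContentSecurityPolicyDisposition disposition;

    // The report body is attacker-controlled, so an unknown value must not throw ArgumentException.
    // Enum.TryParse also accepts bare integers ("7"), which would yield an undefined member; IsDefined rejects those.
    if (!Enum.TryParse(raw, true, out disposition)
        || !Enum.IsDefined(typeof(ContentSecurityPolicyDisposition), disposition))
    {
        throw new JsonSerializationException("Unrecognized CSP report disposition '" + raw + "'.");
    }

    return disposition;
}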