public override void OnActionExecuting(ActionExecutingContext filterContext)
{
ValidateParams();
_configurationOverrideHelper.SetCspPluginTypesOverride(filterContext.HttpContext, _directive, ReportOnly);
base.OnActionExecuting(filterContext);
}
/// <summary>
/// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper"></param>
/// <param name="mediaType">The media type.</param>
public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
{
new Rfc2045MediaTypeValidator().Validate(mediaType);
var context = helper.ViewContext.HttpContext;
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper();
var configOverride = new CspPluginTypesOverride()
{
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
};
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
var attribute = string.Format("type=\"{0}\"", helper.AttributeEncode(mediaType));
return(new HtmlString(attribute));
}
public void SetCspPluginTypesOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)] bool reportOnly)
{
var contextConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
//Returns CSP config from context
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny <HttpContextBase>(), reportOnly)).Returns(contextConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
//Returns cloned directive config from context config
var clonedContextDirective = new CspPluginTypesDirectiveConfiguration();
_directiveConfigMapper.Setup(m => m.GetCspPluginTypesConfigCloned(contextConfig)).Returns(clonedContextDirective);
//We need an override and a result.
var directiveOverride = new CspPluginTypesOverride();
var directiveOverrideResult = new CspPluginTypesDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspPluginTypesConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);
CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.AreSame(directiveOverrideResult, overrideConfig.PluginTypesDirective);
}
/// <summary>
/// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper"></param>
/// <param name="mediaType">The media type.</param>
public static HtmlString CspMediaType(this IHtmlHelper <dynamic> helper, string mediaType)
{
new Rfc2045MediaTypeValidator().Validate(mediaType);
var context = helper.ViewContext.HttpContext;
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper();
var configOverride = new CspPluginTypesOverride()
{
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
};
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
//TODO have a look at the encoder.
var attribute = $"type=\"{helper.Encode(mediaType)}\"";
return(new HtmlString(attribute));
}