/// <summary>
/// Applies the configured <c>script-src</c> directive to <paramref name="configurer"/>.
/// A directive that is not enabled leaves the options untouched; when <c>IsNone</c> is set
/// it wins over every other source expression.
/// </summary>
/// <param name="configurer">Fluent CSP options being built.</param>
/// <param name="cspDirective">Script directive settings read from configuration.</param>
/// <returns><paramref name="configurer"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
private static IFluentCspOptions UseCspScripts(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirectiveScripts cspDirective)
{
    if (configurer == null)
    {
        throw new ArgumentNullException(nameof(configurer));
    }

    if (cspDirective == null)
    {
        throw new ArgumentNullException(nameof(cspDirective));
    }

    if (!cspDirective.IsEnabled)
    {
        return configurer;
    }

    configurer.ScriptSources(scripts =>
    {
        if (cspDirective.IsNone)
        {
            scripts.None();
        }
        else
        {
            if (cspDirective.IsSelf)
            {
                scripts.Self();
            }

            // 'unsafe-eval' and 'unsafe-inline' widen script-src considerably and are
            // emitted only when configuration explicitly asks for them.
            if (cspDirective.IsUnsafeEval)
            {
                scripts.UnsafeEval();
            }

            if (cspDirective.IsUnsafeInline)
            {
                scripts.UnsafeInline();
            }

            if (cspDirective.StrictDynamic)
            {
                scripts.StrictDynamic();
            }

            if (cspDirective.Sources.Any())
            {
                scripts.CustomSources(cspDirective.Sources);
            }
        }
    });

    return configurer;
}
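/// <summary>
/// Applies the configured <c>plugin-types</c> directive to <paramref name="configurer"/>.
/// </summary>
/// <param name="configurer">Fluent CSP options being built.</param>
/// <param name="pluginTypes">
/// Media types to allow. A <c>null</c> or empty array means the directive is not configured and the
/// options are returned unchanged (previously a <c>null</c> array threw <see cref="NullReferenceException"/>).
/// </param>
/// <returns><paramref name="configurer"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configurer"/> is <c>null</c>.</exception>
private static IFluentCspOptions UseCspPluginTypes(this IFluentCspOptions configurer, string[] pluginTypes)
{
    if (configurer == null)
    {
        throw new ArgumentNullException(nameof(configurer));
    }

    // Nothing to emit: an absent or empty list must not throw, matching the other UseCsp* helpers
    // which quietly skip directives that are not configured.
    if (pluginTypes == null || pluginTypes.Length == 0)
    {
        return configurer;
    }

    configurer.PluginTypes(x => x.MediaTypes(pluginTypes));

    return configurer;
}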
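/// <summary>
/// Applies the configured <c>report-uri</c> directive to <paramref name="configurer"/>.
/// </summary>
/// <param name="configurer">Fluent CSP options being built.</param>
/// <param name="reportUris">
/// Endpoints that receive CSP violation reports. A <c>null</c> or empty array means reporting is not
/// configured and the options are returned unchanged (previously a <c>null</c> array threw
/// <see cref="NullReferenceException"/>).
/// </param>
/// <returns><paramref name="configurer"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configurer"/> is <c>null</c>.</exception>
private static IFluentCspOptions UseCspReportUris(this IFluentCspOptions configurer, string[] reportUris)
{
    if (configurer == null)
    {
        throw new ArgumentNullException(nameof(configurer));
    }

    // Nothing to emit: an absent or empty list must not throw, matching the other UseCsp* helpers
    // which quietly skip directives that are not configured.
    if (reportUris == null || reportUris.Length == 0)
    {
        return configurer;
    }

    configurer.ReportUris(x => x.Uris(reportUris));

    return configurer;
}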
/// <summary>
/// Builds the Content-Security-Policy for this site: everything is denied by default
/// (<c>default-src 'none'</c>) and each directive opts in only the origins the pages load from.
/// </summary>
/// <param name="csp">Fluent CSP builder supplied by the header middleware.</param>
void DefineContentSecurityPolicy(IFluentCspOptions csp)
{
    // Third-party origins, grouped by the directive they feed.
    string[] fontSources = { "https://fonts.gstatic.com" };
    string[] styleSources = { "https://fonts.googleapis.com" };
    string[] scriptSources = { "https://cdn.jsdelivr.net", "https://stackpath.bootstrapcdn.com" };
    string[] imageSources = { "data:" };
    string[] reportUris = { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

    csp.DefaultSources(src => src.None())
       .FontSources(src => src.CustomSources(fontSources))
       .ImageSources(src =>
       {
           src.Self();
           src.CustomSources(imageSources);
       })
       .ManifestSources(src => src.Self())
       .ObjectSources(src => src.None())
       .ReportUris(src => src.Uris(reportUris))
       .ScriptSources(src =>
       {
           src.Self();
           // needed by identityserver. Note that 'unsafe-inline' lets any injected inline
           // script run, so script-src provides little XSS protection while it is present.
           src.UnsafeInline();
           src.CustomSources(scriptSources);
       })
       .StyleSources(src =>
       {
           src.Self();
           src.UnsafeInline();
           src.CustomSources(styleSources);
       });
}
/// <summary>
/// Applies the configured <c>object-src</c> directive to <paramref name="configurer"/>.
/// A directive that is not enabled leaves the options untouched; when <c>IsNone</c> is set
/// it wins over <c>'self'</c> and any custom sources.
/// </summary>
/// <param name="configurer">Fluent CSP options being built.</param>
/// <param name="cspDirective">Object directive settings read from configuration.</param>
/// <returns><paramref name="configurer"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
private static IFluentCspOptions UseCspObjects(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirective cspDirective)
{
    if (configurer == null)
    {
        throw new ArgumentNullException(nameof(configurer));
    }

    if (cspDirective == null)
    {
        throw new ArgumentNullException(nameof(cspDirective));
    }

    if (!cspDirective.IsEnabled)
    {
        return configurer;
    }

    configurer.ObjectSources(objects =>
    {
        if (cspDirective.IsNone)
        {
            objects.None();
        }
        else
        {
            if (cspDirective.IsSelf)
            {
                objects.Self();
            }

            if (cspDirective.Sources.Any())
            {
                objects.CustomSources(cspDirective.Sources);
            }
        }
    });

    return configurer;
}
/// <summary>
/// Builds the Content-Security-Policy for this site: everything is denied by default
/// (<c>default-src 'none'</c>) and each directive opts in only what the pages need.
/// </summary>
/// <param name="csp">Fluent CSP builder supplied by the header middleware.</param>
void DefineContentSecurityPolicy(IFluentCspOptions csp)
{
    // Origins and schemes, grouped by the directive they feed.
    string[] fontSources = { "https://fonts.gstatic.com" };
    string[] styleSources = { "https://fonts.googleapis.com" };
    string[] scriptSources = { "https://cdn.jsdelivr.net" };
    string[] imageSources = { "data:" };
    string[] workerSources = { "blob:" };

    csp.DefaultSources(src => src.None())
       .BaseUris(src => src.Self())
       .ConnectSources(src => src.Self())
       .FontSources(src => src.CustomSources(fontSources))
       .ImageSources(src => src.CustomSources(imageSources))
       .ScriptSources(src =>
       {
           // 'unsafe-inline' lets any injected inline script run, so script-src provides
           // little XSS protection while it is present; 'self' is deliberately not listed here.
           src.UnsafeInline();
           src.CustomSources(scriptSources);
       })
       .StyleSources(src =>
       {
           src.UnsafeInline();
           src.CustomSources(styleSources);
       })
       .WorkerSources(src => src.CustomSources(workerSources));
}
/// <summary>
/// Builds the Content-Security-Policy for this site: everything is denied by default
/// (<c>default-src 'none'</c>) and each directive opts in the Google Maps / Analytics,
/// CDN and AccuWeather origins the pages load from.
/// </summary>
/// <param name="csp">Fluent CSP builder supplied by the header middleware.</param>
void DefineContentSecurityPolicy(IFluentCspOptions csp)
{
    // https://developers.google.com/maps/documentation/javascript/content-security-policy
    string[] connectSources =
    {
        "https://*.googleapis.com",
        "https://*.google.com",
        "https://*.gstatic.com",
        "https://*.google-analytics.com"
    };

    string[] fontSources =
    {
        "https://fonts.gstatic.com",
        "https://cdnjs.cloudflare.com"
    };

    string[] frameSources = { "https://*.google.com" };

    string[] imageSources =
    {
        "data:",
        "https://*.google.com",
        "https://*.gstatic.com",
        "https://*.googleapis.com",
        "https://*.googleusercontent.com",
        "https://*.google-analytics.com",
        "https://vortex.accuweather.com"
    };

    string[] reportUris = { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

    // Wildcard hosts here mean that any subdomain of these providers may supply script;
    // the list is kept as narrow as the embedded widgets allow.
    string[] scriptSources =
    {
        // bootstrap
        "https://cdn.jsdelivr.net",
        "https://cdnjs.cloudflare.com",
        "https://stackpath.bootstrapcdn.com",
        "https://*.google.com",
        "https://*.gstatic.com",
        "https://*.googleapis.com",
        "https://*.google-analytics.com",
        "https://*.ggpht.com",
        "https://*.googleusercontent.com",
        "https://www.googletagmanager.com",
        "https://www.accuweather.com",
        "https://oap.accuweather.com",
        "https://vortex.accuweather.com"
    };

    string[] styleSources =
    {
        "https://cdnjs.cloudflare.com",
        "https://fonts.googleapis.com",
        "https://vortex.accuweather.com"
    };

    csp.DefaultSources(src => src.None())
       .BaseUris(src => src.Self())
       .ConnectSources(src =>
       {
           src.Self();
           src.CustomSources(connectSources);
       })
       .FontSources(src => src.CustomSources(fontSources))
       .FrameSources(src => src.CustomSources(frameSources))
       .ImageSources(src =>
       {
           src.Self();
           src.CustomSources(imageSources);
       })
       .ManifestSources(src => src.Self())
       .MediaSources(src => src.Self())
       .ObjectSources(src => src.None())
       .ReportUris(src => src.Uris(reportUris))
       .ScriptSources(src =>
       {
           src.Self();
           // 'unsafe-inline' lets any injected inline script run, so script-src provides
           // little XSS protection while it is present.
           src.UnsafeInline();
           src.CustomSources(scriptSources);
       })
       .StyleSources(src =>
       {
           src.Self();
           src.UnsafeInline();
           src.CustomSources(styleSources);
       });
}
/// <summary>
/// Applies the configured <c>sandbox</c> directive to <paramref name="configurer"/>.
/// Each <c>allow-*</c> keyword is emitted only when its flag is set; a directive that is
/// not enabled leaves the options untouched.
/// </summary>
/// <param name="configurer">Fluent CSP options being built.</param>
/// <param name="cspDirectiveSandbox">Sandbox directive settings read from configuration.</param>
/// <returns><paramref name="configurer"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
private static IFluentCspOptions UseCspSandbox(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirectiveSandbox cspDirectiveSandbox)
{
    if (configurer == null)
    {
        throw new ArgumentNullException(nameof(configurer));
    }

    if (cspDirectiveSandbox == null)
    {
        throw new ArgumentNullException(nameof(cspDirectiveSandbox));
    }

    if (!cspDirectiveSandbox.IsEnabled)
    {
        return configurer;
    }

    configurer.Sandbox(sandbox =>
    {
        // Emits a keyword only when its configuration flag is on; calls are made in the
        // same order as the flags are listed below.
        void EmitWhen(bool enabled, Action keyword)
        {
            if (enabled)
            {
                keyword();
            }
        }

        EmitWhen(cspDirectiveSandbox.AllowForms, () => sandbox.AllowForms());
        EmitWhen(cspDirectiveSandbox.AllowModals, () => sandbox.AllowModals());
        EmitWhen(cspDirectiveSandbox.AllowOrientationLock, () => sandbox.AllowOrientationLock());
        EmitWhen(cspDirectiveSandbox.AllowPointerLock, () => sandbox.AllowPointerLock());
        EmitWhen(cspDirectiveSandbox.AllowPopups, () => sandbox.AllowPopups());
        EmitWhen(cspDirectiveSandbox.AllowPopupsToEscapeSandbox, () => sandbox.AllowPopupsToEscapeSandbox());
        EmitWhen(cspDirectiveSandbox.AllowPresentation, () => sandbox.AllowPresentation());
        // allow-same-origin together with allow-scripts lets sandboxed content drop the
        // sandbox entirely; both are still emitted exactly as configured.
        EmitWhen(cspDirectiveSandbox.AllowSameOrigin, () => sandbox.AllowSameOrigin());
        EmitWhen(cspDirectiveSandbox.AllowScripts, () => sandbox.AllowScripts());
        EmitWhen(cspDirectiveSandbox.AllowTopNavigation, () => sandbox.AllowTopNavigation());
    });

    return configurer;
}