コード例 #1
    /// <summary>
    /// Builds the site's Content-Security-Policy on the supplied NWebsec fluent configurer.
    /// The policy starts from <c>default-src 'none'</c> and each directive below opts in only
    /// the origins it needs, so anything not listed here is blocked by the browser.
    /// </summary>
    /// <param name="csp">Fluent CSP options being configured; mutated in place.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        // Allowed origins, one list per directive.
        string[] fontHosts = { "https://fonts.gstatic.com" };

        // data: URIs only (inline/base64 images); remote image hosts are not permitted.
        string[] imageSchemes = { "data:" };

        // Violation reports are POSTed here by the browser.
        string[] violationReportEndpoints = { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

        string[] scriptHosts =
        {
            "https://cdn.jsdelivr.net",
            "https://stackpath.bootstrapcdn.com"
        };

        string[] styleHosts = { "https://fonts.googleapis.com" };

        csp
            .DefaultSources(src => src.None())
            .FontSources(src => src.CustomSources(fontHosts))
            .ImageSources(src =>
            {
                src.Self();
                src.CustomSources(imageSchemes);
            })
            .ManifestSources(src => src.Self())
            .ObjectSources(src => src.None())
            .ReportUris(src => src.Uris(violationReportEndpoints))
            .ScriptSources(src =>
            {
                src.Self();
                // 'unsafe-inline' on script-src is required by identityserver; note that it
                // lets any inline <script> run, which weakens the XSS protection CSP provides.
                src.UnsafeInline();
                src.CustomSources(scriptHosts);
            })
            .StyleSources(src =>
            {
                src.Self();
                src.UnsafeInline();
                src.CustomSources(styleHosts);
            });
    }
コード例 #2
        /// <summary>
        /// Applies the configured <c>default-src</c> directive to an NWebsec fluent CSP configurer.
        /// </summary>
        /// <param name="configurer">The fluent CSP options to extend.</param>
        /// <param name="cspDirective">
        /// Configured directive: an enabled flag, whether the value is <c>'none'</c>, whether
        /// <c>'self'</c> is included, and any additional custom sources.
        /// </param>
        /// <returns>The same <paramref name="configurer"/>, to allow chaining.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="configurer"/> or <paramref name="cspDirective"/> is <c>null</c>.
        /// </exception>
        private static IFluentCspOptions UseCspDefaults(this IFluentCspOptions configurer, WebOptions.HostingOptions.CspOptions.CspDirective cspDirective)
        {
            if (configurer == null)
            {
                throw new ArgumentNullException(nameof(configurer));
            }

            if (cspDirective == null)
            {
                throw new ArgumentNullException(nameof(cspDirective));
            }

            // A disabled directive leaves the configurer untouched.
            if (cspDirective.IsEnabled)
            {
                configurer.DefaultSources(defaults =>
                {
                    // 'none' is exclusive: it must not be combined with 'self' or host sources.
                    if (cspDirective.IsNone)
                    {
                        defaults.None();
                        return;
                    }

                    if (cspDirective.IsSelf)
                    {
                        defaults.Self();
                    }

                    if (cspDirective.Sources.Any())
                    {
                        defaults.CustomSources(cspDirective.Sources);
                    }
                });
            }

            return configurer;
        }
コード例 #3
    /// <summary>
    /// Builds the site's Content-Security-Policy on the supplied NWebsec fluent configurer.
    /// Starts from <c>default-src 'none'</c>; every directive below lists the only origins
    /// (or schemes) the browser may load that resource type from.
    /// </summary>
    /// <param name="csp">Fluent CSP options being configured; mutated in place.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        string[] fontHosts = { "https://fonts.gstatic.com" };

        // Images are limited to data: URIs; no host (not even the site's own origin) is allowed.
        string[] imageSchemes = { "data:" };

        string[] scriptHosts = { "https://cdn.jsdelivr.net" };

        string[] styleHosts = { "https://fonts.googleapis.com" };

        // Web workers are created from blob: URLs.
        string[] workerSchemes = { "blob:" };

        csp
            .DefaultSources(src => src.None())
            .BaseUris(src => src.Self())
            .ConnectSources(src => src.Self())
            .FontSources(src => src.CustomSources(fontHosts))
            .ImageSources(src => src.CustomSources(imageSchemes))
            .ScriptSources(src =>
            {
                // No Self() here: scripts are allowed only inline and from the listed CDN.
                // 'unsafe-inline' permits any inline <script>, which reduces the XSS protection
                // the rest of this policy provides.
                src.UnsafeInline();
                src.CustomSources(scriptHosts);
            })
            .StyleSources(src =>
            {
                src.UnsafeInline();
                src.CustomSources(styleHosts);
            })
            .WorkerSources(src => src.CustomSources(workerSchemes));
    }
コード例 #4
ファイル: Startup.cs プロジェクト: AerisG222/mikeandwan.us
    /// <summary>
    /// Builds the site's Content-Security-Policy on the supplied NWebsec fluent configurer.
    /// Starts from <c>default-src 'none'</c> and then allows, per directive, the site's own
    /// origin plus the third-party hosts listed below (Google Maps/Analytics, CDNs, AccuWeather).
    /// </summary>
    /// <param name="csp">Fluent CSP options being configured; mutated in place.</param>
    void DefineContentSecurityPolicy(IFluentCspOptions csp)
    {
        // Google Maps requirements:
        // https://developers.google.com/maps/documentation/javascript/content-security-policy
        // Wildcard entries such as "https://*.google.com" admit every subdomain of that host,
        // so they are broader than a single named origin.
        string[] connectHosts =
        {
            "https://*.googleapis.com",
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.google-analytics.com"
        };

        string[] fontHosts =
        {
            "https://fonts.gstatic.com",
            "https://cdnjs.cloudflare.com"
        };

        string[] frameHosts = { "https://*.google.com" };

        string[] imageSources =
        {
            "data:",
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.googleapis.com",
            "https://*.googleusercontent.com",
            "https://*.google-analytics.com",
            "https://vortex.accuweather.com"
        };

        // Violation reports are POSTed here by the browser.
        string[] violationReportEndpoints = { "https://mikeandwanus.report-uri.com/r/d/csp/enforce" };

        string[] scriptHosts =
        {
            // bootstrap CDNs
            "https://cdn.jsdelivr.net",
            "https://cdnjs.cloudflare.com",
            "https://stackpath.bootstrapcdn.com",
            // google maps / analytics / tag manager
            "https://*.google.com",
            "https://*.gstatic.com",
            "https://*.googleapis.com",
            "https://*.google-analytics.com",
            "https://*.ggpht.com",
            "https://*.googleusercontent.com",
            "https://www.googletagmanager.com",
            // accuweather widget
            "https://www.accuweather.com",
            "https://oap.accuweather.com",
            "https://vortex.accuweather.com"
        };

        string[] styleHosts =
        {
            "https://cdnjs.cloudflare.com",
            "https://fonts.googleapis.com",
            "https://vortex.accuweather.com"
        };

        csp
            .DefaultSources(src => src.None())
            .BaseUris(src => src.Self())
            .ConnectSources(src =>
            {
                src.Self();
                src.CustomSources(connectHosts);
            })
            .FontSources(src => src.CustomSources(fontHosts))
            .FrameSources(src => src.CustomSources(frameHosts))
            .ImageSources(src =>
            {
                src.Self();
                src.CustomSources(imageSources);
            })
            .ManifestSources(src => src.Self())
            .MediaSources(src => src.Self())
            .ObjectSources(src => src.None())
            .ReportUris(src => src.Uris(violationReportEndpoints))
            .ScriptSources(src =>
            {
                src.Self();
                // 'unsafe-inline' permits any inline <script>, which reduces the XSS protection
                // that the host allow-list above otherwise provides.
                src.UnsafeInline();
                src.CustomSources(scriptHosts);
            })
            .StyleSources(src =>
            {
                src.Self();
                src.UnsafeInline();
                src.CustomSources(styleHosts);
            });
    }