public override void Process(TagHelperContext context, TagHelperOutput output)
{
new Rfc2045MediaTypeValidator().Validate(NwsCspPluginType);
var configOverride = new CspPluginTypesOverride {
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { NwsCspPluginType }
};
_cspConfigOverride.SetCspPluginTypesOverride(ViewContext.HttpContext, configOverride, false);
_cspConfigOverride.SetCspPluginTypesOverride(ViewContext.HttpContext, configOverride, true);
_headerOverride.SetCspHeaders(ViewContext.HttpContext, false);
_headerOverride.SetCspHeaders(ViewContext.HttpContext, true);
output.Attributes.Add(new TagHelperAttribute("type", NwsCspPluginType));
}
public override void Process(TagHelperContext context, TagHelperOutput output)
{
if (!UseCspNonce)
{
return;
}
var httpContext = new HttpContextWrapper(ViewContext.HttpContext);
string nonce;
string contextMarkerKey;
var tag = output.TagName;
if (tag == ScriptTag)
{
nonce = _cspConfigOverride.GetCspScriptNonce(httpContext);
contextMarkerKey = "NWebsecScriptNonceSet";
}
else if (tag == StyleTag)
{
nonce = _cspConfigOverride.GetCspStyleNonce(httpContext);
contextMarkerKey = "NWebsecStyleNonceSet";
}
else
{
throw new Exception($"Something went horribly wrong. You shouldn't be here for the tag {tag}.");
}
// First reference to a nonce, set header and mark that header has been set. We only need to set it once.
if (httpContext.GetItem <string>(contextMarkerKey) == null)
{
httpContext.SetItem(contextMarkerKey, "set");
_headerOverride.SetCspHeaders(httpContext, false);
_headerOverride.SetCspHeaders(httpContext, true);
}
output.Attributes.Add(new TagHelperAttribute("nonce", nonce));
}
