public HandlerTypeHelperTests()
{
_contextBase = new Mock <HttpContextBase>().Object;
Mock.Get(_contextBase).Setup(m => m.Items).Returns(new ListDictionary());
_httpContext = new HttpContextWrapper(_contextBase);
_helper = new HandlerTypeHelper();
}
public HttpContextWrapperTests()
{
_httpResponseBase = new Mock <HttpResponseBase>().Object;
Mock.Get(_httpResponseBase).Setup(r => r.Headers).Returns(new NameValueCollection());
_httpContextBase = new Mock <HttpContextBase>().Object;
Mock.Get(_httpContextBase).Setup(ctx => ctx.Items).Returns(new Dictionary <object, object>());
Mock.Get(_httpContextBase).Setup(ctx => ctx.Response).Returns(_httpResponseBase);
_contextWrapper = new HttpContextWrapper(_httpContextBase);
}
/// <summary>
/// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
/// </summary>
/// <param name="helper"></param>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
var context = new HttpContextWrapper(helper.ViewContext.HttpContext);
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
var nonce = cspConfigurationOverrideHelper.GetCspStyleNonce(context);
if (context.GetItem <string>("NWebsecStyleNonceSet") == null)
{
context.SetItem("NWebsecStyleNonceSet", "set");
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
}
return(CreateNonceAttribute(helper, nonce));
}
/// <summary>
/// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper"></param>
/// <param name="mediaType">The media type.</param>
public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
{
new Rfc2045MediaTypeValidator().Validate(mediaType);
var context = new HttpContextWrapper(helper.ViewContext.HttpContext);
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
var configOverride = new CspPluginTypesOverride()
{
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
};
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
var attribute = $"type=\"{helper.AttributeEncode(mediaType)}\"";
return(new HtmlString(attribute));
}
