public static Response UpdateHeader(Response response, ResponseFrameOptionsType type, string domain = "")
{
switch (type)
{
case ResponseFrameOptionsType.DENY:
{
return(response.WithHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.DenyFrames));
}
case ResponseFrameOptionsType.SAMEORIGIN:
{
return(response.WithHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.SameOriginFrames));
}
case ResponseFrameOptionsType.ALLOWFROM when !string.IsNullOrWhiteSpace(domain):
{
return(response.WithHeader(FrameOptionsConstants.XFrameOptions, $"{FrameOptionsConstants.AllowFrom} {domain}"));
}
default:
{
return(response.WithHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.DenyFrames));
}
}
}
public static void UpdateHeader(HttpResponse response, ResponseFrameOptionsType type, string domain)
{
switch (type)
{
case ResponseFrameOptionsType.DENY:
{
response.AppendHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.DenyFrames);
break;
}
case ResponseFrameOptionsType.SAMEORIGIN:
{
response.AppendHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.SameOriginFrames);
break;
}
case ResponseFrameOptionsType.ALLOWFROM when !string.IsNullOrWhiteSpace(domain):
{
response.AppendHeader(FrameOptionsConstants.XFrameOptions, $"{FrameOptionsConstants.AllowFrom} {domain}");
break;
}
default:
{
response.AppendHeader(FrameOptionsConstants.XFrameOptions, FrameOptionsConstants.DenyFrames);
break;
}
}
}
/// <summary>
/// Add a head to the response
/// </summary>
/// <param name="response"></param>
/// <param name="type"></param>
/// <param name="domain"></param>
/// <returns></returns>
public static Response WithResponseFrameOptions(this Response response, ResponseFrameOptionsType type, string domain)
{
if (response == null)
{
throw new ArgumentNullException(nameof(response));
}
return(Internal.ResponseHelper.UpdateHeader(response, type, domain));
}
/// <summary>
/// Use Response XFrame-Options Pipelines
/// </summary>
/// <param name="pipelines"></param>
/// <param name="type"></param>
/// <param name="domain"></param>
public static IPipelines UseResponseFrameOptions(this IPipelines pipelines, ResponseFrameOptionsType type, string domain)
{
if (pipelines == null)
{
throw new ArgumentNullException(nameof(pipelines));
}
pipelines.AfterRequest.AddItemToEndOfPipeline(ctx => Internal.ResponseHelper.UpdateHeader(ctx, type, domain));
return(pipelines);
}
/// <summary>
/// Response XFrame-Options Middleware
/// </summary>
/// <param name="next"></param>
/// <param name="type"></param>
/// <param name="domain"></param>
public ResponseFrameOptionsMiddleware(RequestDelegate next, ResponseFrameOptionsType type, string domain)
{
_next = next ?? throw new ArgumentNullException(nameof(next));
_type = type;
_domain = domain;
}
/// <summary>
/// 全局使用 XFrame-Options
/// </summary>
/// <param name="filters"></param>
/// <param name="type"></param>
/// <param name="domain"></param>
/// <returns></returns>
public static GlobalFilterCollection AddResponseFrameOptionsFilter(this GlobalFilterCollection filters, ResponseFrameOptionsType type, string domain)
{
if (filters == null)
{
throw new ArgumentNullException(nameof(filters));
}
filters.Add(new FrameOptionsAttribute {
Domain = domain, FrameOptions = type
});
return(filters);
}
/// <summary>
/// 全局使用 XFrame-Options
/// </summary>
/// <param name="filters"></param>
/// <param name="type"></param>
/// <returns></returns>
public static GlobalFilterCollection AddResponseFrameOptionsFilter(this GlobalFilterCollection filters, ResponseFrameOptionsType type)
{
return(AddResponseFrameOptionsFilter(filters, type, string.Empty));
}
public static void UpdateHeader(NancyContext context, ResponseFrameOptionsType type, string domain = "")
{
UpdateHeader(context.Response, type, domain);
}
/// <summary>
/// Use Response XFrame-Options Middleware
/// </summary>
/// <param name="app"></param>
/// <param name="type"></param>
/// <param name="domain"></param>
/// <returns></returns>
public static IApplicationBuilder UseResponseFrameOptions(this IApplicationBuilder app, ResponseFrameOptionsType type, string domain)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return(app.UseMiddleware <ResponseFrameOptionsMiddleware>(type, domain));
}
/// <summary>
/// Use Response XFrame-Options Middleware
/// </summary>
/// <param name="app"></param>
/// <param name="type"></param>
/// <returns></returns>
public static IApplicationBuilder UseResponseFrameOptions(this IApplicationBuilder app, ResponseFrameOptionsType type)
{
return(app.UseResponseFrameOptions(type, string.Empty));
}
/// <summary>
/// Add a head to the response
/// </summary>
/// <param name="response"></param>
/// <param name="type"></param>
/// <returns></returns>
public static Response WithResponseFrameOptions(this Response response, ResponseFrameOptionsType type)
{
return(WithResponseFrameOptions(response, type, string.Empty));
}
/// <summary>
/// Use Response XFrame-Options Pipelines
/// </summary>
/// <param name="pipelines"></param>
/// <param name="type"></param>
/// <returns></returns>
public static AfterPipeline UseResponseFrameOptions(this AfterPipeline pipelines, ResponseFrameOptionsType type)
{
return(UseResponseFrameOptions(pipelines, type, string.Empty));
}
