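/// <summary>
/// Builds the value of the <c>Content-Security-Policy</c> header from the configured options.
/// </summary>
/// <param name="options">The source lists and flags to serialize into directives.</param>
/// <returns>
/// The configured directives, each terminated by <c>;</c> and separated by a single space,
/// or an empty string when no directive is configured.
/// </returns>
/// <remarks>
/// Source values are written into the header verbatim. A value that contains <c>;</c> would start
/// a new directive, so these lists should only ever hold trusted configuration.
/// </remarks>
private static string BuildHeaderValue(ContentSecurityPolicyHeaderOptions options)
{
    var policies = new List<string>();

    // A directive with no sources is omitted entirely rather than emitted empty.
    if (options.DefaultSources.Count > 0)
    {
        policies.Add($"default-src {String.Join(" ", options.DefaultSources)};");
    }

    if (options.ImageSources.Count > 0)
    {
        policies.Add($"img-src {String.Join(" ", options.ImageSources)};");
    }

    if (options.ScriptSources.Count > 0)
    {
        policies.Add($"script-src {String.Join(" ", options.ScriptSources)};");
    }

    if (options.StyleSources.Count > 0)
    {
        policies.Add($"style-src {String.Join(" ", options.StyleSources)};");
    }

    if (options.FontSources.Count > 0)
    {
        policies.Add($"font-src {String.Join(" ", options.FontSources)};");
    }

    if (options.ConnectSources.Count > 0)
    {
        policies.Add($"connect-src {String.Join(" ", options.ConnectSources)};");
    }

    if (options.FrameAncestors.Count > 0)
    {
        policies.Add($"frame-ancestors {String.Join(" ", options.FrameAncestors)};");
    }

    if (options.FrameSources.Count > 0)
    {
        // Terminate frame-src like every other directive. Without the ';' a following
        // upgrade-insecure-requests is parsed as a frame-src source expression instead of
        // as its own directive, so the upgrade is silently not applied.
        policies.Add($"frame-src {String.Join(" ", options.FrameSources)};");
    }

    if (options.UpgradeInsecureRequests)
    {
        policies.Add("upgrade-insecure-requests;");
    }

    return String.Join(" ", policies);
}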
/// <summary>
/// Registers <see cref="ContentSecurityPolicyHeaderMiddleware"/> in the request pipeline so that a
/// <c>Content-Security-Policy</c> header is added to the response.
/// </summary>
/// <param name="builder">The application builder the middleware is added to.</param>
/// <param name="options">The options configuring the <c>Content-Security-Policy</c> header value.</param>
/// <returns>The value returned by <c>UseMiddleware</c>, so that further calls can be chained.</returns>
/// <remarks>
/// <paramref name="options"/> is wrapped with <c>Options.Create</c> and handed to the middleware as-is;
/// it is not validated or null-checked here.
/// </remarks>
public static IApplicationBuilder UseContentSecurityPolicyHeader(
    this IApplicationBuilder builder,
    ContentSecurityPolicyHeaderOptions options)
    => builder.UseMiddleware<ContentSecurityPolicyHeaderMiddleware>(Options.Create(options));