public void OnActionExecuting(ActionExecutingContext context) { if (context.IsEffectivePolicy <XFrameOptionsAttribute>(this)) { context.HttpContext.Response.SetHeaderOnStarting("X-Frame-Options", Value); } }
public override void OnActionExecuting(ActionExecutingContext context) { if (!context.ModelState.IsValid && context.IsEffectivePolicy <IValidationPolicy>(this)) { context.Result = new BadRequestObjectResult(context.ModelState); } }
public void OnActionExecuting(ActionExecutingContext context) { if (context.IsEffectivePolicy <ReferrerPolicyAttribute>(this)) { context.HttpContext.Response.SetHeaderOnStarting("Referrer-Policy", Value); } }
public void OnActionExecuting(ActionExecutingContext context) { if (context.IsEffectivePolicy <IContentSecurityPolicy>(this)) { var policies = context.HttpContext.RequestServices.GetService(typeof(ContentSecurityPolicies)) as ContentSecurityPolicies; if (policies == null) { return; } if (DefaultSrc != null) { policies.Add(new ConsentSecurityPolicy("default-src", DefaultSrc)); } if (UnsafeInline) { policies.Add(new ConsentSecurityPolicy("script-src", "'unsafe-inline'")); } if (!string.IsNullOrEmpty(FontSrc)) { policies.Add(new ConsentSecurityPolicy("font-src", FontSrc)); } if (!string.IsNullOrEmpty(ImgSrc)) { policies.Add(new ConsentSecurityPolicy("img-src", ImgSrc)); } if (!string.IsNullOrEmpty(StyleSrc)) { policies.Add(new ConsentSecurityPolicy("style-src", StyleSrc)); } if (!string.IsNullOrEmpty(ScriptSrc)) { policies.Add(new ConsentSecurityPolicy("script-src", ScriptSrc)); } if (FixWebsocket && AutoSelf) // Self does not match wss:// and ws:// :( { var request = context.HttpContext.Request; var url = string.Concat( request.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase) ? "ws" : "wss", "://", request.Host.ToUriComponent(), request.PathBase.ToUriComponent()); policies.Add(new ConsentSecurityPolicy("connect-src", url)); } context.HttpContext.Response.OnStarting(() => { if (!policies.HasRules) { return(Task.CompletedTask); } if (AutoSelf) { bool hasSelf = false; foreach (var group in policies.Rules.GroupBy(p => p.Name)) { hasSelf = group.Any(g => g.Value.Contains("'self'", StringComparison.OrdinalIgnoreCase)); if (!hasSelf && !group.Any(g => g.Value.Contains("'none'", StringComparison.OrdinalIgnoreCase) || g.Value.Contains("*", StringComparison.OrdinalIgnoreCase))) { policies.Add(new ConsentSecurityPolicy(group.Key, "'self'")); hasSelf = true; } if (hasSelf) { foreach (var authorized in policies.Authorized) { policies.Add(new ConsentSecurityPolicy(group.Key, authorized)); } } } } context.HttpContext.Response.SetHeader("Content-Security-Policy", policies.ToString()); return(Task.CompletedTask); }); } }