/// <summary>
/// Checks that <c>SetBlockAllMixedContent</c> turns on the
/// <c>BlockAllMixedContent</c> flag of the built options.
/// </summary>
public void SetBlockAllMixedContent_SetsBlockAllMixedContentToTrue()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.SetBlockAllMixedContent();
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: only the option flag is checked; the emitted header text is not.
    Assert.True(built.BlockAllMixedContent);
}
/// <summary>
/// Checks that <c>SetReportOnly</c> turns on the <c>ReportOnly</c> flag
/// of the built options.
/// </summary>
public void SetReportOnly_SetsReportOnlyToTrue()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.SetReportOnly();
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: only the flag is checked. Which header name the middleware emits
    // when ReportOnly is set (enforcing vs. report-only) is not covered here.
    Assert.True(built.ReportOnly);
}
/// <summary>
/// Checks that <c>SetUpgradeInsecureRequests</c> turns on the
/// <c>UpgradeInsecureRequests</c> flag of the built options.
/// </summary>
public void SetUpgradeInsecureRequests_SetsUpgradeInsecureRequestsToTrue()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.SetUpgradeInsecureRequests();
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: only the option flag is checked; the emitted header text is not.
    Assert.True(built.UpgradeInsecureRequests);
}
/// <summary>
/// Checks that the URI given to <c>ReportViolationsTo</c> ends up, unchanged,
/// in the <c>ReportUri</c> property of the built options.
/// </summary>
public void ReportViolationsTo_SetsTheReportUri()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.ReportViolationsTo("/somewhere");
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: a relative path is used as the sample value and is expected back verbatim.
    Assert.Equal("/somewhere", built.ReportUri);
}
/// <summary>
/// Checks that <c>EnableSandbox</c> on the builder turns on the
/// <c>EnableSandbox</c> flag of the built options.
/// </summary>
public void EnableSandbox_EnablesTheSandbox()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.EnableSandbox();
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: only the option flag is checked; the emitted header text is not.
    Assert.True(built.EnableSandbox);
}
/// <summary>
/// Checks that <c>IncludeXHeader</c> on the builder turns on the
/// <c>IncludeXHeader</c> flag of the built options.
/// </summary>
public void IncludeXHeader_SetsIncludeXHeaderToTrue()
{
    // Arrange
    var cspBuilder = new CspBuilder();

    // Act
    cspBuilder.IncludeXHeader();
    CspOptions built = cspBuilder.BuildCspOptions();

    // Assert: only the flag is checked. NOTE(review): presumably this controls an
    // additional legacy X- prefixed CSP header; confirm against the middleware.
    Assert.True(built.IncludeXHeader);
}
/// <summary>
/// Checks that allowing prefetch from a single origin produces a header value
/// consisting of exactly one <c>prefetch-src</c> directive with that origin.
/// </summary>
public void WithPrefetch_ReturnsCorrectHeader()
{
    // Arrange
    var cspBuilder = new CspBuilder();
    cspBuilder.AllowPrefetch.From("https://www.google.com");

    // Act: ToString is called with null; this policy contains no nonce.
    var built = cspBuilder.BuildCspOptions();
    var actual = built.ToString(null).headerValue;

    // Assert
    // NOTE(review): browser support for prefetch-src is limited; confirm it is
    // still honoured by the browsers you target before relying on it.
    Assert.Equal("prefetch-src https://www.google.com", actual);
}
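/// <summary>
/// Adds a Content Security Policy header
/// to the response.
/// </summary>
/// <remarks>
/// The policy is configured and built once, when this method is called.
/// The resulting <see cref="CspOptions"/> instance is wrapped in an
/// <see cref="OptionsWrapper{TOptions}"/> and handed to <see cref="CspMiddleware"/>.
/// </remarks>
/// <param name="app">The <see cref="IApplicationBuilder"/></param>
/// <param name="builderAction">Configuration action for the header.</param>
/// <returns>The <see cref="IApplicationBuilder"/></returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> or <paramref name="builderAction"/> is <c>null</c>.
/// </exception>
public static IApplicationBuilder UseCsp(this IApplicationBuilder app, Action<CspBuilder> builderAction)
{
    // Fail fast with the offending parameter named, instead of a
    // NullReferenceException from invoking a null delegate below.
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    if (builderAction == null)
    {
        throw new ArgumentNullException(nameof(builderAction));
    }

    var builder = new CspBuilder();
    builderAction(builder);

    CspOptions options = builder.BuildCspOptions();
    return app.UseMiddleware<CspMiddleware>(new OptionsWrapper<CspOptions>(options));
}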
/// <summary>
/// Checks that requiring SRI for scripts produces a header value consisting of
/// exactly <c>require-sri-for script</c>.
/// </summary>
public void RequireSriFor_ReturnsCorrectHeader()
{
    // Arrange
    var cspBuilder = new CspBuilder();
    cspBuilder.RequireSri.ForScripts();

    // Act: ToString is called with null; this policy contains no nonce.
    var built = cspBuilder.BuildCspOptions();
    var actual = built.ToString(null).headerValue;

    // Assert
    // NOTE(review): browser support for require-sri-for is limited; do not treat
    // this directive as a substitute for integrity attributes on the tags themselves.
    Assert.Equal("require-sri-for script", actual);
}
/// <summary>
/// Checks that a frame source and a worker source configured together are
/// emitted as two directives joined by a semicolon, in that order.
/// </summary>
public void WithFramesAndWorkers_ReturnsCorrectHeader()
{
    // Arrange
    var cspBuilder = new CspBuilder();
    cspBuilder.AllowFrames.From("https://www.google.com");
    cspBuilder.AllowWorkers.FromSelf().OnlyOverHttps();

    // Act: ToString is called with null; this policy contains no nonce.
    var built = cspBuilder.BuildCspOptions();
    var actual = built.ToString(null).headerValue;

    // Assert
    // Note on the expected value: in CSP a bare "https:" scheme source matches any
    // HTTPS origin, so "worker-src 'self' https:" permits workers from every HTTPS
    // host, not only from the page's own origin.
    Assert.Equal("frame-src https://www.google.com;worker-src 'self' https:", actual);
}
/// <summary>
/// Checks that an <c>OnSendingHeader</c> callback assigned on the builder is
/// carried over to the built options and, when invoked, can set
/// <c>ShouldNotSend</c> on the context it receives.
/// </summary>
public async Task OnSendingHeader_ShouldNotSendTest()
{
    // Arrange: a callback that asks for the header to be withheld.
    var cspBuilder = new CspBuilder();
    cspBuilder.OnSendingHeader = ctx =>
    {
        ctx.ShouldNotSend = true;
        return Task.CompletedTask;
    };

    // The context is created with a null constructor argument; the callback
    // above never reads anything from it.
    var headerContext = new CspSendingHeaderContext(null);

    // Act: invoke the callback through the built options.
    var built = cspBuilder.BuildCspOptions();
    await built.OnSendingHeader(headerContext);

    // Assert
    // NOTE(review): this shows the callback ran and mutated the context. Whether
    // the middleware then actually omits the CSP header is not covered by this test.
    Assert.True(headerContext.ShouldNotSend);
}
/// <summary>
/// Checks that a script policy of self plus nonce renders the nonce obtained
/// from the nonce service into the header, and that the nonce contains none
/// of the characters '+', '/' or '='.
/// </summary>
public void FromSelf_WithNonce_HasValue()
{
    // Arrange
    // presumably 32 is the nonce length in bytes; confirm against CspNonceService
    var service = new CspNonceService(32);
    var expectedNonce = service.GetNonce();

    var cspBuilder = new CspBuilder();
    cspBuilder.AllowScripts.FromSelf().AddNonce();

    // Act: the same service instance is passed in, and the header is expected to
    // carry the value GetNonce returned above.
    var built = cspBuilder.BuildCspOptions();
    var actual = built.ToString(service).headerValue;

    // Assert: the nonce must not use the standard Base64 characters '+', '/' or
    // the '=' padding.
    // NOTE(review): nonce length and uniqueness across service instances are not
    // asserted here.
    Assert.DoesNotContain("+", expectedNonce);
    Assert.DoesNotContain("/", expectedNonce);
    Assert.DoesNotContain("=", expectedNonce);
    Assert.Equal($"script-src 'self' 'nonce-{expectedNonce}'", actual);
}