//TODO It might make sense to allow reporting to be enabled without reportUri's, they might be defined in middleware //TODO Add unit tests for this? public override void OnActionExecuting(ActionExecutingContext filterContext) { if (_directive.Enabled && _directive.ReportUris == null) { throw CreateAttributeException("You need to supply at least one Reporturi to enable the reporturi directive."); } _configurationOverrideHelper.SetCspReportUriOverride(filterContext.HttpContext, _directive, ReportOnly); base.OnActionExecuting(filterContext); }
public void SetCspReportUriOverride_ReportUriDisabledAndOverridden_ReturnsOverridenReportUri([Values(false, true)] bool reportOnly) { var overrideConfig = new CspOverrideConfiguration(); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), reportOnly, false)).Returns(overrideConfig); var reportUri = new CspReportUriDirectiveConfiguration { Enabled = true, EnableBuiltinHandler = true }; CspConfigurationOverrideHelper.SetCspReportUriOverride(MockContext, reportUri, reportOnly); Assert.IsTrue(overrideConfig.ReportUriDirective.Enabled); Assert.IsTrue(overrideConfig.ReportUriDirective.EnableBuiltinHandler); }