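/// <summary>
/// Answers a plain-HTTP request with a 307 redirect to its HTTPS equivalent when the
/// CSP upgrade-insecure-requests directive is enabled and the user agent supports it.
/// </summary>
/// <param name="env">The OWIN environment of the current request.</param>
/// <returns>
/// <c>true</c> when the redirect status and headers have been written to the response;
/// <c>false</c> when the request is left untouched.
/// </returns>
internal bool HandleUpgradeInsecureRequest(OwinEnvironment env)
{
    const string https = "https";

    // Already on https. The scheme is compared case-insensitively, as PreInvokeNext does,
    // so a host reporting "HTTPS" is not redirected again.
    if (https.Equals(env.RequestScheme, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    // CSP or its upgrade-insecure-requests directive is disabled.
    if (!_config.Enabled || !_config.UpgradeInsecureRequestsDirective.Enabled)
    {
        return false;
    }

    // Only redirect user agents that CspUpgradeHelper reports as supporting the upgrade.
    if (!CspUpgradeHelper.UaSupportsUpgradeInsecureRequests(env))
    {
        return false;
    }

    // The authority is taken from the request's Host header, which the client controls, so the
    // Location header reflects whatever host the client sent.
    // NOTE(review): confirm that host names are validated before this code runs, and that a
    // missing Host header cannot reach the UriBuilder constructor.
    // NOTE(review): only path base + path are copied; the query string is not carried over.
    var upgradeUri = new UriBuilder($"https://{env.RequestHeaders.Host}")
    {
        // Replaces any port parsed from the Host value with the configured HTTPS port.
        Port = _config.UpgradeInsecureRequestsDirective.HttpsPort,
        Path = env.RequestPathBase + env.RequestPath,
    };

    // Redirect. The response depends on the Upgrade-Insecure-Requests request header, so it is
    // named in Vary; 307 keeps the request method unchanged on the follow-up request.
    env.ResponseHeaders.SetHeader("Vary", "Upgrade-Insecure-Requests");
    env.ResponseHeaders.Location = upgradeUri.Uri.AbsoluteUri;
    env.ResponseStatusCode = 307;
    return true;
}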
/// <summary>
/// Redirects a plain-HTTP request to HTTPS with a 307 response when the CSP
/// upgrade-insecure-requests directive is enabled and the user agent supports it.
/// </summary>
/// <param name="context">The HTTP context of the current request.</param>
/// <returns>
/// <c>true</c> when the redirect status and headers have been written to the response;
/// <c>false</c> when nothing was changed.
/// </returns>
internal bool HandleUpgradeInsecureRequest(HttpContext context)
{
    // Requests that already arrived over HTTPS need no upgrade.
    if (context.Request.IsHttps)
    {
        return false;
    }

    // Both CSP itself and the upgrade-insecure-requests directive must be switched on.
    var upgradeEnabled = _config.Enabled && _config.UpgradeInsecureRequestsDirective.Enabled;
    if (!upgradeEnabled)
    {
        return false;
    }

    // Skip user agents that CspUpgradeHelper does not report as supporting the upgrade.
    var uaSupportsUpgrade = CspUpgradeHelper.UaSupportsUpgradeInsecureRequests(context);
    if (!uaSupportsUpgrade)
    {
        return false;
    }

    // The authority comes from the request's Host value, which is supplied by the client, so the
    // Location header reflects it.
    // NOTE(review): confirm that host filtering is applied before this point.
    // NOTE(review): the query string is not copied to the redirect target; confirm this is intended.
    var redirectTarget = new UriBuilder($"https://{context.Request.Host}");

    // The configured HTTPS port replaces any port parsed from the Host value.
    redirectTarget.Port = _config.UpgradeInsecureRequestsDirective.HttpsPort;
    redirectTarget.Path = context.Request.PathBase + context.Request.Path;

    // The outcome depends on the Upgrade-Insecure-Requests request header, hence the Vary entry.
    context.Response.Headers["Vary"] = "Upgrade-Insecure-Requests";
    context.Response.Headers["Location"] = redirectTarget.Uri.AbsoluteUri;
    context.Response.StatusCode = 307;

    return true;
}
/// <summary>
/// Writes the header held in <c>_headerResult</c> to the response, unless the request is
/// excluded by the HTTPS-only or upgrade-insecure-requests settings.
/// </summary>
/// <param name="owinEnvironment">The OWIN environment of the current request.</param>
internal override void PreInvokeNext(OwinEnvironment owinEnvironment)
{
    // With HttpsOnly set, the header is emitted only for requests whose scheme is https
    // (compared case-insensitively).
    var excludedByScheme = _config.HttpsOnly
        && !Https.Equals(owinEnvironment.RequestScheme, StringComparison.OrdinalIgnoreCase);
    if (excludedByScheme)
    {
        return;
    }

    // With UpgradeInsecureRequests set, the header is emitted only for user agents that
    // CspUpgradeHelper reports as supporting the upgrade.
    var excludedByUserAgent = _config.UpgradeInsecureRequests
        && !CspUpgradeHelper.UaSupportsUpgradeInsecureRequests(owinEnvironment);
    if (excludedByUserAgent)
    {
        return;
    }

    // Any header action other than Set leaves the response untouched.
    if (_headerResult.Action != HeaderResult.ResponseAction.Set)
    {
        return;
    }

    owinEnvironment.ResponseHeaders.SetHeader(_headerResult.Name, _headerResult.Value);
}
/// <summary>
/// Writes the header held in <c>_headerResult</c> to the response, unless the request is
/// excluded by the HTTPS-only or upgrade-insecure-requests settings.
/// </summary>
/// <param name="context">The HTTP context of the current request.</param>
internal override void PreInvokeNext(HttpContext context)
{
    // With HttpsOnly set, the header is emitted only for requests that arrived over HTTPS.
    var excludedByScheme = _config.HttpsOnly && !context.Request.IsHttps;
    if (excludedByScheme)
    {
        return;
    }

    // With UpgradeInsecureRequests set, the header is emitted only for user agents that
    // CspUpgradeHelper reports as supporting the upgrade.
    var excludedByUserAgent = _config.UpgradeInsecureRequests
        && !CspUpgradeHelper.UaSupportsUpgradeInsecureRequests(context);
    if (excludedByUserAgent)
    {
        return;
    }

    // Any header action other than Set leaves the response untouched.
    if (_headerResult.Action != HeaderResult.ResponseAction.Set)
    {
        return;
    }

    context.Response.Headers[_headerResult.Name] = _headerResult.Value;
}