/// <summary>
/// Creates the middleware, stores the HSTS options and builds the header result from them once.
/// </summary>
/// <param name="next">Passed straight to the base constructor.</param>
/// <param name="options">HSTS settings; stored in <c>_config</c> and used to build <c>_headerResult</c>.</param>
public HstsMiddleware(AppFunc next, HstsOptions options)
    : base(next)
{
    _config = options;

    // The header result is computed a single time here and cached, so later changes to the
    // options object are not reflected in _headerResult.
    // NOTE(review): if CreateHstsResult returns null for a rejected configuration, whatever reads
    // _headerResult has to treat null as "send no HSTS header" - confirm against the request path.
    _headerResult = new HeaderGenerator().CreateHstsResult(_config);
}
/// <summary>
/// Rejects an HSTS configuration that asks for the preload directive without meeting the
/// conditions this validator attaches to it.
/// </summary>
/// <param name="hstsConfig">The HSTS settings to check.</param>
/// <exception cref="Exception">
/// Preload is enabled while the max age is under 10886400 seconds or IncludeSubdomains is off.
/// </exception>
public void Validate(IHstsConfiguration hstsConfig)
{
    // 18 weeks expressed in seconds (18 * 7 * 24 * 60 * 60).
    // NOTE(review): the preload list's published minimum max-age has been raised since this
    // figure was chosen - confirm the threshold against the current submission requirements.
    const int MinPreloadMaxAgeSeconds = 10886400;

    // Only a preload request is constrained; every other configuration passes untouched.
    if (hstsConfig.Preload)
    {
        if (hstsConfig.MaxAge.TotalSeconds < MinPreloadMaxAgeSeconds || !hstsConfig.IncludeSubdomains)
        {
            throw new Exception("HSTS max age must be at least 18 weeks and includesubdomains must be enabled to use the preload directive.");
        }
    }
}
/// <summary>
/// Rejects an HSTS configuration that asks for the preload directive in a combination this
/// validator does not allow.
/// </summary>
/// <param name="hstsConfig">The HSTS settings to check.</param>
/// <exception cref="Exception">
/// Preload is enabled together with UpgradeInsecureRequests, or preload is enabled while the
/// max age is under 10886400 seconds or IncludeSubdomains is off.
/// </exception>
public void Validate(IHstsConfiguration hstsConfig)
{
    // 18 weeks expressed in seconds (18 * 7 * 24 * 60 * 60).
    // NOTE(review): the preload list's published minimum max-age has been raised since this
    // figure was chosen - confirm the threshold against the current submission requirements.
    const int MinPreloadMaxAgeSeconds = 10886400;

    // Only a preload request is constrained; every other configuration passes untouched.
    if (hstsConfig.Preload)
    {
        // Checked first, so this message wins when both rules are violated.
        if (hstsConfig.UpgradeInsecureRequests)
        {
            throw new Exception("The Preload setting cannot be combined with the UpgradeInsecureRequests setting. Use one or the other.");
        }

        if (hstsConfig.MaxAge.TotalSeconds < MinPreloadMaxAgeSeconds || !hstsConfig.IncludeSubdomains)
        {
            throw new Exception("HSTS max age must be at least 18 weeks and includesubdomains must be enabled to use the preload directive.");
        }
    }
}
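/// <summary>
/// Builds the Strict-Transport-Security header value from the given configuration.
/// </summary>
/// <param name="hstsConfig">The HSTS settings to render.</param>
/// <returns>
/// A result that sets the header to <c>max-age=N[; includeSubdomains][; preload]</c>, or
/// <c>null</c> when the max age is negative or preload is requested without a max age of at
/// least 10886400 seconds and IncludeSubdomains. Callers must handle the <c>null</c> case.
/// </returns>
public HeaderResult CreateHstsResult(IHstsConfiguration hstsConfig)
{
    if (hstsConfig.MaxAge < TimeSpan.Zero)
    {
        return null;
    }

    // A preload request that misses the 18-week / includeSubdomains conditions yields no header
    // at all rather than a header without the preload directive.
    if (hstsConfig.Preload && (hstsConfig.MaxAge.TotalSeconds < 10886400 || !hstsConfig.IncludeSubdomains))
    {
        return null;
    }

    // Truncate to whole seconds as a long: a TimeSpan can hold far more seconds than an int, and
    // an out-of-range cast to int would emit a bogus (typically negative) max-age that user
    // agents discard, silently leaving the site without HSTS.
    // A zero max age is passed through as "max-age=0", which tells the user agent to drop any
    // HSTS policy it has stored for the host.
    var seconds = (long)hstsConfig.MaxAge.TotalSeconds;

    // Directive names are case-insensitive per RFC 6797; the RFC spells this one includeSubDomains.
    var includeSubdomains = hstsConfig.IncludeSubdomains ? "; includeSubdomains" : "";
    var preload = hstsConfig.Preload ? "; preload" : "";
    var value = string.Format("max-age={0}{1}{2}", seconds, includeSubdomains, preload);

    return new HeaderResult(HeaderResult.ResponseAction.Set, HeaderConstants.StrictTransportSecurityHeader, value);
}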
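/// <summary>
/// Builds the Strict-Transport-Security header value from the given configuration.
/// </summary>
/// <param name="hstsConfig">The HSTS settings to render.</param>
/// <returns>
/// A result that sets the header to <c>max-age=N[; includeSubDomains][; preload]</c>, or
/// <c>null</c> when the max age is negative or preload is requested without a max age of at
/// least 10886400 seconds and IncludeSubdomains. Callers must handle the <c>null</c> case.
/// </returns>
public HeaderResult CreateHstsResult(IHstsConfiguration hstsConfig)
{
    if (hstsConfig.MaxAge < TimeSpan.Zero)
    {
        return null;
    }

    // A preload request that misses the 18-week / includeSubDomains conditions yields no header
    // at all rather than a header without the preload directive.
    if (hstsConfig.Preload && (hstsConfig.MaxAge.TotalSeconds < 10886400 || !hstsConfig.IncludeSubdomains))
    {
        return null;
    }

    // Truncate to whole seconds as a long: a TimeSpan can hold far more seconds than an int, and
    // an out-of-range cast to int would emit a bogus (typically negative) max-age that user
    // agents discard, silently leaving the site without HSTS.
    // A zero max age is passed through as "max-age=0", which tells the user agent to drop any
    // HSTS policy it has stored for the host.
    var seconds = (long)hstsConfig.MaxAge.TotalSeconds;

    var includeSubdomains = hstsConfig.IncludeSubdomains ? "; includeSubDomains" : "";
    var preload = hstsConfig.Preload ? "; preload" : "";
    var value = $"max-age={seconds}{includeSubdomains}{preload}";

    return new HeaderResult(HeaderResult.ResponseAction.Set, HeaderConstants.StrictTransportSecurityHeader, value);
}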