/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing disabled. /// </returns> public static ResponseHeadersOptionsBuilder PreventFraming(this ResponseHeadersOptionsBuilder builder) => builder.AddFrameOptions("DENY");
/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame, except for pages from the current /// origin. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing allowed only /// from the same origin. /// </returns> public static ResponseHeadersOptionsBuilder AllowFramingFromSameOrigin(this ResponseHeadersOptionsBuilder builder) => builder.AddFrameOptions("SAMEORIGIN");
/// <summary> /// Specifies that user agents must not allow pages from this application /// to be displayed in any frame, except for pages from the specified /// origin. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="origin"> /// The origin that is allowed to display pages from this application in /// a frame. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with framing allowed only /// from the same origin. /// </returns> public static ResponseHeadersOptionsBuilder AllowFramingFromOrigin(this ResponseHeadersOptionsBuilder builder, string origin) => builder.AddFrameOptions($"ALLOW-FROM {origin}");
/// <summary> /// Specifies the value for the <c>X-Frame-Options</c> header. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="value">The <c>X-Frame-Options</c> header value.</param> /// <returns> /// A reference to <paramref name="builder"/> with the specified frame /// options value. /// </returns> public static ResponseHeadersOptionsBuilder AddFrameOptions(this ResponseHeadersOptionsBuilder builder, string value) => builder.Add("X-Frame-Options", value);
/// <summary> /// Specifies that user agents should enable XSS filtering. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="block"> /// Indicates whether pages should be blocked rather than sanitized when /// an XSS attack is detected. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with the specified XSS /// protection mode. /// </returns> public static ResponseHeadersOptionsBuilder AddXssProtection(this ResponseHeadersOptionsBuilder builder, bool block = false) { return(builder.AddXssProtection(block ? EnableAndBlock : Enable)); }
/// <summary> /// Specifies that user agents should disable XSS filtering, /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <returns> /// A reference to <paramref name="builder"/> without XSS protection. /// </returns> public static ResponseHeadersOptionsBuilder DisableXssProtection(this ResponseHeadersOptionsBuilder builder) { return(builder.AddXssProtection(Disable)); }
/// <summary> /// Specifies the value for the <c>X-XSS-Protection</c> header. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="value">The <c>X-XSS-Protection</c> header value.</param> /// <returns> /// A reference to <paramref name="builder"/> with the specified XSS /// protection value. /// </returns> public static ResponseHeadersOptionsBuilder AddXssProtection(this ResponseHeadersOptionsBuilder builder, string value) { return(builder.Add("X-XSS-Protection", value)); }
/// <summary> /// Specifies a policy that determines when the <c>Referer</c> header is sent. /// </summary> /// <param name="builder"> /// The builder being used to configure the response headers. /// </param> /// <param name="referrerPolicy"> /// A value that specifies the algorithm used to populate the /// <c>Referer</c> header. /// </param> /// <returns> /// A reference to <paramref name="builder"/> with the specified Referrer Policy. /// </returns> public static ResponseHeadersOptionsBuilder AddReferrerPolicy(this ResponseHeadersOptionsBuilder builder, ReferrerPolicy referrerPolicy) { return(builder.Add("Referrer-Policy", referrerPolicy.ToString())); }