/// <summary>
/// With nothing configured on the builder, the header must carry the most
/// restrictive value ("deny").
/// </summary>
public void Empty_options_is_deny()
{
    // Build straight from a fresh builder: no policy method is called on it.
    var options = new XFrameOptionsOptionsBuilder().Build();

    var frameHeader = new XFrameOptionsHeader(options);

    Assert.Equal("X-Frame-Options", frameHeader.Key);
    Assert.Equal("deny", frameHeader.Value);
}
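/// <summary>
/// Invoke the middleware: set the X-Frame-Options response header built from the
/// configured options, then hand the request to the next middleware.
/// </summary>
/// <param name="context">The current HttpContext</param>
/// <returns>The task returned by the next middleware in the pipeline.</returns>
public Task Invoke(HttpContext context)
{
    context.EnsureNotNull(nameof(context));

    var header = new XFrameOptionsHeader(_options);

    // Assign through the indexer instead of Add(): Add() throws when the key is
    // already present, so a component earlier in the pipeline that had set
    // X-Frame-Options would turn every request into an unhandled exception.
    // Assigning makes the configured policy the value in effect at this point.
    context.Response.Headers[header.Key] = header.Value;

    return _next(context);
}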
/// <summary>
/// Selecting AllowFrom on the builder must produce "allow-from" followed by the
/// supplied URI as the header value.
/// </summary>
public void AllowFrom_option_is_allow_with_uri()
{
    var optionsBuilder = new XFrameOptionsOptionsBuilder();
    optionsBuilder.AllowFrom("https://some.uri");
    var options = optionsBuilder.Build();

    var frameHeader = new XFrameOptionsHeader(options);

    Assert.Equal("X-Frame-Options", frameHeader.Key);
    // The URI is expected to appear verbatim after the directive.
    Assert.Equal("allow-from https://some.uri", frameHeader.Value);
}
/// <summary>
/// Selecting SameOrigin on the builder must produce the "sameorigin" header value.
/// </summary>
public void SameOrigin_option_is_sameorigin()
{
    var optionsBuilder = new XFrameOptionsOptionsBuilder();
    optionsBuilder.SameOrigin();
    var options = optionsBuilder.Build();

    var frameHeader = new XFrameOptionsHeader(options);

    Assert.Equal("X-Frame-Options", frameHeader.Key);
    Assert.Equal("sameorigin", frameHeader.Value);
}
/// <summary>
/// Add the X-Frame-Options ALLOW-FROM {uri} policy to the collection.
/// The page can only be displayed in a frame on the specified origin.
/// </summary>
/// <remarks>
/// NOTE(review): despite the "SameOrigin" name, this overload applies
/// <c>XFrameOptionsHeader.AllowFromUri</c>; the name is kept as-is so existing
/// callers keep compiling.
/// ALLOW-FROM is an obsolete directive that current browsers ignore, so on its own
/// it leaves framing unrestricted there; a Content-Security-Policy
/// <c>frame-ancestors</c> directive is the supported way to allow a specific origin.
/// </remarks>
/// <param name="policies">The collection of policies</param>
/// <param name="uri">The uri of the origin in which the page may be displayed in a frame</param>
/// <returns>The result of applying the policy to <paramref name="policies"/>.</returns>
public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicyCollection policies, string uri)
    => policies.ApplyPolicy(XFrameOptionsHeader.AllowFromUri(uri));
/// <summary>
/// Add the X-Frame-Options SAMEORIGIN policy to the collection.
/// The page can only be displayed in a frame on the same origin as the page itself.
/// </summary>
/// <param name="policies">The collection of policies</param>
/// <returns>The result of applying the policy to <paramref name="policies"/>.</returns>
public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicyCollection policies)
    => policies.ApplyPolicy(XFrameOptionsHeader.SameOrigin());
/// <summary>
/// Add the X-Frame-Options DENY policy to the collection.
/// The page cannot be displayed in a frame, regardless of the site attempting to do so.
/// </summary>
/// <param name="policies">The collection of policies</param>
/// <returns>The result of applying the policy to <paramref name="policies"/>.</returns>
public static HeaderPolicyCollection AddFrameOptionsDeny(this HeaderPolicyCollection policies)
    => policies.ApplyPolicy(XFrameOptionsHeader.Deny());