/// <summary>
/// Rewrites the current response into a 301 redirect whose Location header
/// is produced by <c>options.RedirectUriBuilder</c> from the request URI.
/// </summary>
/// <param name="context">The OWIN context whose response is modified.</param>
/// <param name="options">Supplies the reason phrase and the redirect URI builder.</param>
private static void SetResponseForRedirect(IOwinContext context, StrictTransportSecurityOptions options)
{
    // 301 is a permanent redirect: clients may cache it, so the secure
    // target should be stable before this option is switched on.
    const int movedPermanently = 301;

    var redirect = context.Response;
    redirect.StatusCode = movedPermanently;
    redirect.ReasonPhrase = options.RedirectReasonPhrase(movedPermanently);

    // NOTE(review): context.Request.Uri reflects client-supplied request data.
    // Whether the Location value can end up pointing at another host depends on
    // RedirectUriBuilder, which is not visible here - confirm it only swaps the
    // scheme (and port) or otherwise pins the host.
    redirect.Headers[HeaderConstants.Location] = options.RedirectUriBuilder(context.Request.Uri);
}
/// <summary>
/// Assembles the Strict-Transport-Security header value from the options.
/// </summary>
/// <param name="options">The Strict-Transport-Security options to render.</param>
/// <returns>
/// The fragments returned by <c>MaxAge</c>, <c>IncludeSubDomains</c> and
/// <c>Preload</c>, joined in that order; no separator is added here.
/// </returns>
private static string ConstructHeaderValue(StrictTransportSecurityOptions options)
{
    // Arguments are evaluated left to right, matching the directive order
    // max-age, includeSubDomains, preload in the resulting value.
    return "{0}{1}{2}".FormatWith(
        MaxAge(options.MaxAge),
        IncludeSubDomains(options.IncludeSubDomains),
        Preload(options.Preload));
}
/// <summary>
/// Renders the value of the Strict-Transport-Security header.
/// </summary>
/// <param name="options">The options holding max-age, sub-domain and preload settings.</param>
/// <returns>The three rendered directive fragments concatenated in a fixed order.</returns>
private static string ConstructHeaderValue(StrictTransportSecurityOptions options)
{
    // Each helper turns one setting into its header fragment; any separators
    // between directives must come from the helpers, since the format string
    // adds none.
    var maxAgePart = MaxAge(options.MaxAge);
    var subDomainsPart = IncludeSubDomains(options.IncludeSubDomains);
    var preloadPart = Preload(options.Preload);

    return "{0}{1}{2}".FormatWith(maxAgePart, subDomainsPart, preloadPart);
}
/// <summary>
/// Creates the OWIN middleware that either redirects a non-secure request to
/// secure transport or, for a secure request, registers a callback that
/// applies the Strict-Transport-Security header when headers are sent.
/// </summary>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <returns>The OWIN middleware function.</returns>
public static Func<Func<IDictionary<string, object>, Task>, Func<IDictionary<string, object>, Task>> StrictTransportSecurityHeader(StrictTransportSecurityOptions options)
{
    return next => env =>
    {
        var owinContext = env.AsContext();
        var incoming = owinContext.Request;

        // A redirect is answered here; the rest of the pipeline is not invoked.
        if (RedirectToSecureTransport(options, incoming))
        {
            SetResponseForRedirect(owinContext, options);
            return Task.FromResult(0);
        }

        // Only over secure transport (http://tools.ietf.org/html/rfc6797#section-7.2)
        // Quotation: "An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport."
        // NOTE(review): IsSecure reflects the scheme this pipeline sees. If TLS is
        // terminated upstream and the scheme is not restored before this middleware,
        // the header would be skipped and, with redirects enabled, every request
        // would be redirected - confirm for the deployment.
        if (!incoming.IsSecure)
        {
            return next(env);
        }

        var outgoing = owinContext.Response;
        var callbackState = new State<StrictTransportSecurityOptions>
        {
            Settings = options,
            Response = outgoing
        };

        // The header is written late, when the response headers are about to be sent.
        outgoing.OnSendingHeaders(ApplyHeader, callbackState);
        return next(env);
    };
}
/// <summary>
/// Registers middleware that adds the "Strict-Transport-Security" (STS) header to the response.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="options">
/// The Strict-Transport-Security options. When <c>null</c>, a default-constructed
/// <see cref="StrictTransportSecurityOptions"/> is used.
/// </param>
/// <returns>The same OWIN builder instance that was passed in.</returns>
public static BuildFunc StrictTransportSecurity(this BuildFunc builder, StrictTransportSecurityOptions options = null)
{
    // Resolve the defaults once so every middleware instance shares one options object.
    var effectiveOptions = options ?? new StrictTransportSecurityOptions();

    builder(_ => StrictTransportSecurityHeaderMiddleware.StrictTransportSecurityHeader(effectiveOptions));
    return builder;
}
/// <summary>
/// Adds the "Strict-Transport-Security" (STS) header middleware to the OWIN pipeline.
/// </summary>
/// <param name="builder">The OWIN builder instance.</param>
/// <param name="options">
/// The Strict-Transport-Security options; a new <see cref="StrictTransportSecurityOptions"/>
/// is created when this is <c>null</c>.
/// </param>
/// <returns>The OWIN builder instance.</returns>
public static BuildFunc StrictTransportSecurity(this BuildFunc builder, StrictTransportSecurityOptions options = null)
{
    // Callers may omit the options; fall back to the type's own defaults.
    if (options == null)
    {
        options = new StrictTransportSecurityOptions();
    }

    builder(_ => StrictTransportSecurityHeaderMiddleware.StrictTransportSecurityHeader(options));
    return builder;
}
/// <summary>
/// Builds the OWIN middleware for Strict-Transport-Security: non-secure
/// requests are redirected when the options ask for it, and secure requests
/// get a header callback registered before the pipeline continues.
/// </summary>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <returns>The OWIN middleware function.</returns>
public static Func<Func<IDictionary<string, object>, Task>, Func<IDictionary<string, object>, Task>> StrictTransportSecurityHeader(StrictTransportSecurityOptions options)
{
    return next =>
    {
        Func<IDictionary<string, object>, Task> handler = env =>
        {
            var ctx = env.AsContext();
            var req = ctx.Request;

            // Short-circuit: the redirect response is final and next is not called.
            if (RedirectToSecureTransport(options, req))
            {
                SetResponseForRedirect(ctx, options);
                return Task.FromResult(0);
            }

            // Only over secure transport (http://tools.ietf.org/html/rfc6797#section-7.2)
            // Quotation: "An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport."
            // NOTE(review): this relies on IsSecure being accurate for the client-facing
            // connection; verify that any TLS-offloading front end restores the scheme
            // before this middleware runs.
            if (req.IsSecure)
            {
                var res = ctx.Response;
                var headerState = new State<StrictTransportSecurityOptions>
                {
                    Settings = options,
                    Response = res
                };

                // ApplyHeader runs when the response headers are about to be sent.
                res.OnSendingHeaders(ApplyHeader, headerState);
            }

            return next(env);
        };

        return handler;
    };
}
/// <summary>
/// Decides whether the request must be redirected to secure transport.
/// </summary>
/// <param name="options">The options carrying the redirect switch.</param>
/// <param name="request">The incoming OWIN request.</param>
/// <returns>
/// <c>true</c> only when redirecting is enabled in the options and the
/// request is not secure.
/// </returns>
private static bool RedirectToSecureTransport(StrictTransportSecurityOptions options, IOwinRequest request)
{
    // Redirecting is opt-in; when it is off the request is never inspected.
    if (!options.RedirectToSecureTransport)
    {
        return false;
    }

    return !request.IsSecure;
}
/// <summary>
/// Tells the middleware whether to answer this request with a redirect to secure transport.
/// </summary>
/// <param name="options">The Strict-Transport-Security options.</param>
/// <param name="request">The incoming OWIN request.</param>
/// <returns><c>true</c> when the redirect option is set and the request is not secure; otherwise <c>false</c>.</returns>
private static bool RedirectToSecureTransport(StrictTransportSecurityOptions options, IOwinRequest request)
{
    // Already-secure requests are never redirected, which avoids a redirect loop
    // as long as IsSecure is accurate for the connection.
    if (options.RedirectToSecureTransport)
    {
        return !request.IsSecure;
    }

    return false;
}