/// <summary>
/// Sends the client to <paramref name="url"/> and ends the response. Either a 301 status with a
/// redirect location is issued or, when <paramref name="bypassSecurityWarning"/> is set, a
/// <c>Refresh</c> header plus an inline script that assigns <c>window.location</c>.
/// </summary>
/// <param name="response">The response used to issue the redirect; <c>End()</c> is called on it before returning.</param>
/// <param name="url">The destination URL.</param>
/// <param name="bypassSecurityWarning">If <c>true</c>, the Refresh-header/script path is used instead of the 301.</param>
/// <remarks>
/// NOTE(review): this method does not validate <paramref name="url"/> itself. If any part of it can be
/// influenced by the request, the caller has to restrict it to expected destinations (open redirect) - confirm at the call sites.
/// </remarks>
public void Redirect(HttpResponseBase response, string url, bool bypassSecurityWarning)
{
    if (!bypassSecurityWarning)
    {
        Logger.Log("Issuing permanent redirect.");

        // TODO: Make the status code configurable (i.e. permanent vs. temporary).
        // The URL is assigned as given; no encoding is applied on this path.
        response.StatusCode = 301;
        response.RedirectLocation = url;
    }
    else
    {
        Logger.Log("Bypassing security warning via a response header and JavaScript.");

        // NOTE(review): JsEncodeUrl is defined outside this block. Its result is placed in two different
        // contexts below (an HTTP header value and a single-quoted script string inside HTML), so confirm
        // it neutralises CR/LF, quotes, backslashes and a closing script tag for both.
        string encodedUrl = JsEncodeUrl(url);

        // Discard anything already buffered so only the redirect page is sent.
        response.Clear();

        // Primary mechanism: a zero-delay Refresh header pointing at the new path.
        response.AddHeader("Refresh", "0;URL=" + encodedUrl);

        // Fallback mechanism: a minimal page whose script replaces the current location.
        response.Write("<html><head><title></title>");
        response.Write("<script language=\"javascript\">window.location = '");
        response.Write(encodedUrl);
        response.Write("';</script>");
        response.Write("</head><body></body></html>");
    }

    // Both paths finish by ending the current response.
    response.End();
}
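/// <summary>
/// Adds a <c>Strict-Transport-Security</c> header to the response when the request is evaluated as
/// secure and HSTS is enabled in the settings; otherwise the response is left untouched.
/// </summary>
/// <param name="response">The response that receives the header.</param>
/// <param name="request">The request passed to the security evaluator.</param>
/// <param name="securityEvaluator">Decides whether the request arrived over a secure connection.</param>
/// <param name="settings">Supplies <c>EnableHsts</c> and <c>HstsMaxAge</c>.</param>
/// <remarks>
/// Only the <c>max-age</c> directive is emitted here; no other HSTS directive is added by this method.
/// NOTE(review): <c>HstsMaxAge</c> is presumably expressed in seconds, which is the unit the header expects - confirm against Settings.
/// </remarks>
public void Enrich(HttpResponseBase response, HttpRequestBase request, ISecurityEvaluator securityEvaluator, Settings settings)
{
    // The header is sent only on secure connections with HSTS enabled.
    // The connection check is evaluated first, as in the original condition.
    if (!securityEvaluator.IsSecureConnection(request, settings) || !settings.EnableHsts)
    {
        return;
    }

    // The value is parsed by user agents, not read by people, so it is formatted with the invariant
    // culture instead of the thread's current culture (culture-specific signs or symbols would make
    // the directive unparsable and the policy would silently not apply).
    string headerValue = string.Format(
        System.Globalization.CultureInfo.InvariantCulture,
        "max-age={0:f0}",
        settings.HstsMaxAge);

    // Add the needed STS header.
    response.AddHeader("Strict-Transport-Security", headerValue);
}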