public HttpHeaderSecurityModule() { _cspUpgradeRequestHelper = new CspUpgradeInsecureRequestHelper(); _cspReportHelper = new CspReportHelper(); _configHeaderSetter = new ConfigurationHeaderSetter(); _handlerTypeHelper = new HandlerTypeHelper(); _redirectValidationHelper = new RedirectValidationHelper(); }
public void UaSupportsUpgradeInsecureRequests_UpgradeHeaderNotOk_ReturnsFalse() { SetRequestUpgradeHeader("yolo"); var helper = new CspUpgradeInsecureRequestHelper(); Assert.IsFalse(helper.UaSupportsUpgradeInsecureRequests(_request.Object)); }
public void UaSupportsUpgradeInsecureRequests_UpgradeHeaderOk_ReturnsTrue() { SetRequestUpgradeHeader(); var helper = new CspUpgradeInsecureRequestHelper(); Assert.True(helper.UaSupportsUpgradeInsecureRequests(_request.Object)); }
public void TryUpgradeInsecureRequest_CspDisabledAndHttpRequest_ReturnsFalse() { SetSecureConnection(false); var cspConfig = new CspConfiguration { Enabled = false, UpgradeInsecureRequestsDirective = { Enabled = true } }; var helper = new CspUpgradeInsecureRequestHelper(cspConfig); Assert.IsFalse(helper.TryUpgradeInsecureRequest(_context.Object)); Assert.AreEqual(200, _response.Object.StatusCode); }
public void TryUpgradeInsecureRequest_UpgradeEnabledWithPortAndUpgradableRequest_RedirectsAndReturnsTrue() { _response.Setup(r => r.AppendHeader(It.IsAny <string>(), It.IsAny <string>())); _response.Setup(r => r.Redirect(It.IsAny <string>(), false)); _response.Setup(r => r.End()); SetRequestUri("http://www.nwebsec.com"); SetSecureConnection(false); var cspConfig = new CspConfiguration { Enabled = true, UpgradeInsecureRequestsDirective = { Enabled = true, HttpsPort = 4321 } }; var helper = new CspUpgradeInsecureRequestHelper(cspConfig); Assert.IsTrue(helper.TryUpgradeInsecureRequest(_context.Object)); _response.Verify(r => r.AppendHeader("Vary", "Upgrade-Insecure-Requests"), Times.Once); _response.Verify(r => r.Redirect("https://www.nwebsec.com:4321/", false), Times.Once); _response.Verify(r => r.End(), Times.Once); Assert.AreEqual(307, _response.Object.StatusCode); }
public void UaSupportsUpgradeInsecureRequests_NotSupported_ReturnsFalse() { var helper = new CspUpgradeInsecureRequestHelper(); Assert.IsFalse(helper.UaSupportsUpgradeInsecureRequests(_request.Object)); }