Exemplo n.º 1
        /// <summary>
        /// Request-start hook: asks the config header setter to set the site-wide headers, then
        /// services requests addressed to the built-in CSP report handler.
        /// </summary>
        /// <remarks>
        /// The violation report is parsed from the incoming request, so every field handed to
        /// subscribers is client-controlled. A report that parses is answered with 204, anything
        /// else with 400. There is no try/catch here, so an exception thrown from
        /// <c>OnCspViolationReport</c> propagates before a status code is set.
        /// </remarks>
        /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
        /// <param name="e">Unused event data.</param>
        void AppBeginRequest(object sender, EventArgs e)
        {
            var httpApp        = (HttpApplication)sender;
            var wrappedContext = new HttpContextWrapper(httpApp.Context);

            _configHeaderSetter.SetSitewideHeadersFromConfig(wrappedContext);

            // Only requests aimed at the built-in report endpoint are completed here;
            // everything else continues through the pipeline untouched.
            if (_cspReportHelper.IsRequestForBuiltInCspReportHandler(wrappedContext.Request))
            {
                CspViolationReport parsedReport;
                var parsedOk = _cspReportHelper.TryGetCspReportFromRequest(wrappedContext.Request, out parsedReport);

                if (parsedOk)
                {
                    OnCspViolationReport(new CspViolationReportEventArgs { ViolationReport = parsedReport });
                }

                // 204: report accepted, no body. 400: the request did not yield a report.
                wrappedContext.Response.StatusCode = parsedOk ? 204 : 400;
                httpApp.CompleteRequest();
            }
        }
Exemplo n.º 2
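 /// <summary>
 /// Raises the <c>CspViolationReported</c> event with the supplied event data.
 /// </summary>
 /// <remarks>
 /// Subscribers are invoked synchronously and nothing is caught here, so an exception thrown
 /// by a subscriber propagates to the caller.
 /// </remarks>
 /// <param name="e">Event data carrying the violation report.</param>
 protected virtual void OnCspViolationReport(CspViolationReportEventArgs e)
 {
     // Read the delegate once. Checking the event and then invoking it as two separate reads
     // can dereference null if the last subscriber detaches in between.
     var handler = CspViolationReported;
     if (handler != null)
     {
         handler(this, e);
     }
 }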
 /// <summary>
 /// Receives a CSP violation report and serializes its details to JSON.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">Event data carrying the violation report.</param>
 protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Report fields are supplied by the reporting client; treat the JSON as untrusted data
     // wherever it is later stored or displayed.
     var detailsJson = JsonConvert.SerializeObject(e.ViolationReport.Details);
     // Do a thing with the report
 }
Exemplo n.º 4
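        /// <summary>
        /// Logs a Content Security Policy (CSP) violation report. For more information see FilterConfig.
        /// </summary>
        /// <remarks>
        /// The report fields come from the client that submitted the report. Each value is
        /// therefore stripped of raw CR/LF before it is placed in the multi-line message, so a
        /// crafted value cannot add lines that read as extra fields or separate log entries.
        /// </remarks>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
        protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
        {
            CspViolationReport violationReport = e.ViolationReport;
            // NOTE(review): Details is dereferenced without a null check; confirm the module never raises the event without it.
            CspReportDetails   reportDetails   = violationReport.Details;

            // One field per line; the angle brackets delimit each client-supplied value.
            string violationReportString = string.Format(
                "UserAgent:<{0}>\r\nBlockedUri:<{1}>\r\nColumnNumber:<{2}>\r\nDocumentUri:<{3}>\r\nEffectiveDirective:<{4}>\r\nLineNumber:<{5}>\r\nOriginalPolicy:<{6}>\r\nReferrer:<{7}>\r\nScriptSample:<{8}>\r\nSourceFile:<{9}>\r\nStatusCode:<{10}>\r\nViolatedDirective:<{11}>",
                NeutralizeLineBreaks(violationReport.UserAgent),
                NeutralizeLineBreaks(reportDetails.BlockedUri),
                NeutralizeLineBreaks(reportDetails.ColumnNumber),
                NeutralizeLineBreaks(reportDetails.DocumentUri),
                NeutralizeLineBreaks(reportDetails.EffectiveDirective),
                NeutralizeLineBreaks(reportDetails.LineNumber),
                NeutralizeLineBreaks(reportDetails.OriginalPolicy),
                NeutralizeLineBreaks(reportDetails.Referrer),
                NeutralizeLineBreaks(reportDetails.ScriptSample),
                NeutralizeLineBreaks(reportDetails.SourceFile),
                NeutralizeLineBreaks(reportDetails.StatusCode),
                NeutralizeLineBreaks(reportDetails.ViolatedDirective));
            CspViolationException exception = new CspViolationException(violationReportString);

            DependencyResolver.Current.GetService<ILoggingService>().Log(exception);
        }

        /// <summary>
        /// Renders a report field as text with CR and LF replaced by the visible escapes
        /// <c>\r</c> and <c>\n</c>. A null value becomes an empty string, matching what
        /// <c>string.Format</c> produces for a null argument.
        /// </summary>
        private static string NeutralizeLineBreaks(object value)
        {
            if (value == null)
            {
                return string.Empty;
            }

            string text = value.ToString() ?? string.Empty;
            return text.Replace("\r", "\\r").Replace("\n", "\\n");
        }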
Exemplo n.º 5
        /// <summary>
        /// Logs a Content Security Policy (CSP) violation by wrapping the report in a
        /// <c>CspViolationException</c> and handing it to the logging service.
        /// For more information see FilterConfig.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
        protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
        {
            // The report content is supplied by the reporting client; whatever the exception
            // type renders from it reaches the log as untrusted text.
            var violation = new CspViolationException(e.ViolationReport);

            // NOTE(review): GetService presumably returns null when ILoggingService is not registered - confirm registration.
            ILoggingService logger = DependencyResolver.Current.GetService<ILoggingService>();
            logger.Log(violation);
        }
Exemplo n.º 6
 /// <summary>
 /// Receives a CSP violation report. Placeholder handler: the report is read but not used.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">Event data carrying the violation report.</param>
 protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Nothing is logged or stored yet, so violations reported to this handler are dropped.
     var violation = e.ViolationReport;
 }
Exemplo n.º 7
 /// <summary>
 /// Receives a CSP violation report and serializes its details to JSON.
 /// </summary>
 /// <param name="sender">The source of the event.</param>
 /// <param name="e">Event data carrying the violation report.</param>
 protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
 {
     // Report fields are supplied by the reporting client; treat the JSON as untrusted data
     // wherever it is later stored or displayed.
     var detailsJson = JsonConvert.SerializeObject(e.ViolationReport.Details);

     // TODO: persistence is not wired up, so the serialized report is currently discarded.
     // Original draft: new ReportCspViolation().SaveReport(serializedReport);
 }
Exemplo n.º 8
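        /// <summary>
        /// Forwards a Content Security Policy (CSP) violation report to Exceptionless as a
        /// <c>Warn</c>-level log entry, with the report details attached as an object.
        /// </summary>
        /// <remarks>
        /// The log source and message are built from report fields, which are supplied by the
        /// reporting client. A report without a violated directive must not fault the handler.
        /// </remarks>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">Event data carrying the violation report.</param>
        protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
        {
            var report  = e.ViolationReport;
            // NOTE(review): Details is dereferenced without a null check; confirm the module never raises the event without it.
            var details = report.Details;

            // Only the first space-separated token is kept, which keeps the log source short.
            // ViolatedDirective is presumably null when the client omits it; "?." then leaves
            // directive null (rendered as empty) instead of throwing.
            var directive = details.ViolatedDirective?.Split(' ').FirstOrDefault();

            ExceptionlessClient.Default
                .CreateLog($"ContentSecurityPolicy:{directive}", $"Violation:{details.BlockedUri}", Exceptionless.Logging.LogLevel.Warn)
                .AddObject(details)
                .Submit();
        }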
Exemplo n.º 9
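        /// <summary>
        /// Logs a Content Security Policy (CSP) violation report by raising it as an error signal
        /// for the current context. For more information see FilterConfig.
        /// </summary>
        /// <remarks>
        /// The report fields come from the client that submitted the report. Each value is
        /// therefore stripped of raw CR/LF before it is placed in the multi-line message, so a
        /// crafted value cannot add lines that read as extra fields or separate log entries.
        /// </remarks>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
        protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
        {
            var violationReport = e.ViolationReport;
            // NOTE(review): Details is dereferenced without a null check; confirm the module never raises the event without it.
            var reportDetails   = violationReport.Details;

            // One field per line; the angle brackets delimit each client-supplied value.
            var violationReportString =
                $"UserAgent:<{NeutralizeLineBreaks(violationReport.UserAgent)}>\r\n" +
                $"BlockedUri:<{NeutralizeLineBreaks(reportDetails.BlockedUri)}>\r\n" +
                $"ColumnNumber:<{NeutralizeLineBreaks(reportDetails.ColumnNumber)}>\r\n" +
                $"DocumentUri:<{NeutralizeLineBreaks(reportDetails.DocumentUri)}>\r\n" +
                $"EffectiveDirective:<{NeutralizeLineBreaks(reportDetails.EffectiveDirective)}>\r\n" +
                $"LineNumber:<{NeutralizeLineBreaks(reportDetails.LineNumber)}>\r\n" +
                $"OriginalPolicy:<{NeutralizeLineBreaks(reportDetails.OriginalPolicy)}>\r\n" +
                $"Referrer:<{NeutralizeLineBreaks(reportDetails.Referrer)}>\r\n" +
                $"ScriptSample:<{NeutralizeLineBreaks(reportDetails.ScriptSample)}>\r\n" +
                $"SourceFile:<{NeutralizeLineBreaks(reportDetails.SourceFile)}>\r\n" +
                $"StatusCode:<{NeutralizeLineBreaks(reportDetails.StatusCode)}>\r\n" +
                $"ViolatedDirective:<{NeutralizeLineBreaks(reportDetails.ViolatedDirective)}>";
            var exception = new CspViolationException(violationReportString);

            ErrorSignal.FromCurrentContext().Raise(exception, HttpContext.Current);
        }

        /// <summary>
        /// Renders a report field as text with CR and LF replaced by the visible escapes
        /// <c>\r</c> and <c>\n</c>. A null value becomes an empty string, matching what string
        /// interpolation produces for null.
        /// </summary>
        private static string NeutralizeLineBreaks(object value)
        {
            if (value == null)
            {
                return string.Empty;
            }

            var text = value.ToString() ?? string.Empty;
            return text.Replace("\r", "\\r").Replace("\n", "\\n");
        }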