/// <summary>
/// BeginRequest handler: applies the configured site-wide headers, then services
/// requests addressed to the built-in CSP report handler.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Event data; not read by this method.</param>
void AppBeginRequest(object sender, EventArgs e)
{
    var application = (HttpApplication)sender;
    var httpContext = new HttpContextWrapper(application.Context);

    // Headers from configuration are applied to every request, before any report handling.
    _configHeaderSetter.SetSitewideHeadersFromConfig(httpContext);

    if (_cspReportHelper.IsRequestForBuiltInCspReportHandler(httpContext.Request))
    {
        CspViolationReport parsedReport;
        var parsed = _cspReportHelper.TryGetCspReportFromRequest(httpContext.Request, out parsedReport);

        if (parsed)
        {
            // Nothing in this method authenticates the sender of the report, so
            // subscribers should treat every field of the report as untrusted input.
            var reportArgs = new CspViolationReportEventArgs { ViolationReport = parsedReport };
            OnCspViolationReport(reportArgs);
        }

        // 204 acknowledges a report that parsed; 400 rejects a request that did not.
        httpContext.Response.StatusCode = parsed ? 204 : 400;

        // Either way the request ends here and is not passed further down the pipeline.
        application.CompleteRequest();
    }
}
/// <summary>
/// Raises <c>CspViolationReported</c> for a CSP violation report.
/// </summary>
/// <param name="e">Event data carrying the violation report.</param>
protected virtual void OnCspViolationReport(CspViolationReportEventArgs e)
{
    // No subscribers: nothing to notify.
    if (CspViolationReported == null)
    {
        return;
    }

    // Invoke the subscribed delegates with this instance as the sender.
    CspViolationReported(this, e);
}
/// <summary>
/// Handles a CSP violation report by serializing its details to JSON.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">Event data carrying the violation report.</param>
protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    // CSP reports are submitted by the reporting client, so the details are
    // untrusted input. NOTE(review): whatever consumes serializedReport
    // (log, database, UI) should encode it for that sink and bound its size.
    var details = e.ViolationReport.Details;
    var serializedReport = JsonConvert.SerializeObject(details);

    // Do a thing with the report
}
/// <summary>
/// Handles Content Security Policy (CSP) violation reports by logging them as a
/// <c>CspViolationException</c>. For more information see FilterConfig.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    // One "Name:<value>" entry per report field, separated by CRLF.
    const string template =
        "UserAgent:<{0}>\r\n" +
        "BlockedUri:<{1}>\r\n" +
        "ColumnNumber:<{2}>\r\n" +
        "DocumentUri:<{3}>\r\n" +
        "EffectiveDirective:<{4}>\r\n" +
        "LineNumber:<{5}>\r\n" +
        "OriginalPolicy:<{6}>\r\n" +
        "Referrer:<{7}>\r\n" +
        "ScriptSample:<{8}>\r\n" +
        "SourceFile:<{9}>\r\n" +
        "StatusCode:<{10}>\r\n" +
        "ViolatedDirective:<{11}>";

    var report = e.ViolationReport;
    var details = report.Details;

    // NOTE(review): every value below comes from the client-submitted report and is
    // written verbatim. A CR/LF inside a field would add lines to this CRLF-delimited
    // record; encode or strip control characters if the log sink is line-oriented.
    var message = string.Format(
        template,
        report.UserAgent,
        details.BlockedUri,
        details.ColumnNumber,
        details.DocumentUri,
        details.EffectiveDirective,
        details.LineNumber,
        details.OriginalPolicy,
        details.Referrer,
        details.ScriptSample,
        details.SourceFile,
        details.StatusCode,
        details.ViolatedDirective);

    var violation = new CspViolationException(message);

    // The logging service is resolved through the dependency resolver.
    var logger = DependencyResolver.Current.GetService<ILoggingService>();
    logger.Log(violation);
}
/// <summary>
/// Handles Content Security Policy (CSP) violation reports by wrapping the report in a
/// <c>CspViolationException</c> and logging it. For more information see FilterConfig.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    // The exception type takes the whole report; how it renders the fields is not visible here.
    // NOTE(review): the report is client-submitted — confirm the exception's message
    // formatting encodes control characters before it reaches the log sink.
    var violation = new CspViolationException(e.ViolationReport);

    var logger = DependencyResolver.Current.GetService<ILoggingService>();
    logger.Log(violation);
}
/// <summary>
/// Minimal CSP violation handler: picks the report out of the event data and does nothing further.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">Event data carrying the violation report.</param>
protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    // Starting point for a real handler; the report is client-submitted, so treat
    // its fields as untrusted when logging or storing them.
    var violationReport = e.ViolationReport;
}
/// <summary>
/// Handles a CSP violation report by serializing its details to JSON; persisting the
/// result is left commented out.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">Event data carrying the violation report.</param>
protected void NWebSecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    var details = e.ViolationReport.Details;
    var serializedReport = JsonConvert.SerializeObject(details);

    // NOTE(review): the serialized report is client-submitted data. If it is saved,
    // store it via a parameterized write and bound its size.
    //new ReportCspViolation().SaveReport(serializedReport);
}
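/// <summary>
/// Handles a CSP violation report by submitting a warning-level log entry to Exceptionless,
/// keyed by the first token of the violated directive.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">Event data carrying the violation report.</param>
protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    // Whether Details is always populated is not visible from this handler; guard
    // rather than let a malformed report fault the request.
    var details = e.ViolationReport?.Details;
    if (details == null)
    {
        return;
    }

    // ViolatedDirective comes from the client-submitted report body and may be absent.
    // Calling Split on a null value would throw, so a missing directive yields a null
    // token (rendered as an empty string below) instead of an unhandled exception.
    var directive = details.ViolatedDirective?.Split(' ').FirstOrDefault();

    // NOTE(review): directive and BlockedUri are untrusted text used as the log source
    // and message; confirm the log viewer encodes them on display.
    ExceptionlessClient.Default
        .CreateLog($"ContentSecurityPolicy:{directive}", $"Violation:{details.BlockedUri}", Exceptionless.Logging.LogLevel.Warn)
        .AddObject(details)
        .Submit();
}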
/// <summary>
/// Handles Content Security Policy (CSP) violation reports by raising a
/// <c>CspViolationException</c> through <c>ErrorSignal</c>. For more information see FilterConfig.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="CspViolationReportEventArgs"/> instance containing the event data.</param>
protected void NWebsecHttpHeaderSecurityModule_CspViolationReported(object sender, CspViolationReportEventArgs e)
{
    var report = e.ViolationReport;
    var details = report.Details;

    // One "Name:<value>" entry per report field, separated by CRLF.
    // NOTE(review): the values are client-submitted and written verbatim. A CR/LF
    // inside a field would add lines to this record; encode or strip control
    // characters if the error log is line-oriented or rendered as HTML.
    var message =
        $"UserAgent:<{report.UserAgent}>\r\n" +
        $"BlockedUri:<{details.BlockedUri}>\r\n" +
        $"ColumnNumber:<{details.ColumnNumber}>\r\n" +
        $"DocumentUri:<{details.DocumentUri}>\r\n" +
        $"EffectiveDirective:<{details.EffectiveDirective}>\r\n" +
        $"LineNumber:<{details.LineNumber}>\r\n" +
        $"OriginalPolicy:<{details.OriginalPolicy}>\r\n" +
        $"Referrer:<{details.Referrer}>\r\n" +
        $"ScriptSample:<{details.ScriptSample}>\r\n" +
        $"SourceFile:<{details.SourceFile}>\r\n" +
        $"StatusCode:<{details.StatusCode}>\r\n" +
        $"ViolatedDirective:<{details.ViolatedDirective}>";

    var violation = new CspViolationException(message);

    // Signal the violation against the current request context.
    ErrorSignal.FromCurrentContext().Raise(violation, HttpContext.Current);
}