/// <summary>
/// Asks every directive builder for its options, stores each result on the
/// shared <c>_options</c> instance and returns that instance.
/// </summary>
/// <returns>The populated <see cref="CspOptions"/> held by this builder.</returns>
public CspOptions BuildCspOptions()
        {
            _options.Script = AllowScripts.BuildOptions();
            _options.Style = AllowStyles.BuildOptions();

            // The child member is flagged obsolete (CS0618); the warning is
            // suppressed so the directive is still populated.
#pragma warning disable CS0618 // Type or member is obsolete
            _options.Child = AllowChildren.BuildOptions();
#pragma warning restore CS0618 // Type or member is obsolete

            _options.Connect = AllowConnections.BuildOptions();
            _options.Manifest = AllowManifest.BuildOptions();
            _options.Default = ByDefaultAllow.BuildOptions();
            _options.Font = AllowFonts.BuildOptions();
            _options.FormAction = AllowFormActions.BuildOptions();
            _options.FrameAncestors = AllowFraming.BuildOptions();
            _options.Img = AllowImages.BuildOptions();
            _options.Media = AllowAudioAndVideo.BuildOptions();

            // The plugin builder yields two option objects at once:
            // Item1 feeds the object directive, Item2 the plugin-types directive.
            var objectAndPluginTypes = AllowPlugins.BuildOptions();
            _options.Object = objectAndPluginTypes.Item1;
            _options.PluginTypes = objectAndPluginTypes.Item2;

            _options.Sandbox = _sandboxBuilder.BuildOptions();
            _options.Frame = AllowFrames.BuildOptions();
            _options.Worker = AllowWorkers.BuildOptions();
            _options.Prefetch = AllowPrefetch.BuildOptions();
            _options.BaseUri = AllowBaseUri.BuildOptions();
            _options.RequireSri = RequireSri.BuildOptions();

            // Pass the header callback through unchanged.
            _options.OnSendingHeader = OnSendingHeader;

            return _options;
        }
        /// <summary>
        /// Renders these options as a Content-Security-Policy header.
        /// </summary>
        /// <param name="nonceService">Passed to each directive that accepts it when rendering.</param>
        /// <returns>
        /// The header name (the report-only variant when <c>ReportOnly</c> is set)
        /// and the header value: all non-empty directive strings joined with ";".
        /// </returns>
        public (string headerName, string headerValue) ToString(ICspNonceService nonceService)
        {
            // Report-only mode sends the policy under a different header name.
            string headerName = ReportOnly
                ? "Content-Security-Policy-Report-Only"
                : "Content-Security-Policy";

            // Render the directives in a fixed order. FrameAncestors, PluginTypes
            // and RequireSri are rendered without the nonce service.
            var directives = new List<string>();
            directives.Add(Default.ToString(nonceService));
            directives.Add(Script.ToString(nonceService));
            directives.Add(Style.ToString(nonceService));
#pragma warning disable CS0618 // Type or member is obsolete
            directives.Add(Child.ToString(nonceService));
#pragma warning restore CS0618 // Type or member is obsolete
            directives.Add(Connect.ToString(nonceService));
            directives.Add(Manifest.ToString(nonceService));
            directives.Add(Font.ToString(nonceService));
            directives.Add(FormAction.ToString(nonceService));
            directives.Add(Img.ToString(nonceService));
            directives.Add(Media.ToString(nonceService));
            directives.Add(Object.ToString(nonceService));
            directives.Add(FrameAncestors.ToString());
            directives.Add(PluginTypes.ToString());
            directives.Add(Frame.ToString(nonceService));
            directives.Add(Worker.ToString(nonceService));
            directives.Add(Prefetch.ToString(nonceService));
            directives.Add(BaseUri.ToString(nonceService));
            directives.Add(RequireSri.ToString());

            // Both flags are pushed to the front; because the upgrade flag is
            // inserted last it ends up ahead of the mixed-content flag.
            if (BlockAllMixedContent)
            {
                directives.Insert(0, "block-all-mixed-content");
            }

            if (UpgradeInsecureRequests)
            {
                directives.Insert(0, "upgrade-insecure-requests");
            }

            // The sandbox directive is emitted only when explicitly enabled.
            if (EnableSandbox)
            {
                directives.Add(Sandbox.ToString());
            }

            // NOTE(review): ReportUri is appended verbatim. A ';' or line break in
            // it would alter the emitted policy, so confirm the value is validated
            // where it is assigned.
            if (ReportUri != null)
            {
                directives.Add("report-uri " + ReportUri);
            }

            // Directives that rendered as an empty string are left out of the header.
            directives.RemoveAll(directive => directive.Length == 0);
            string headerValue = string.Join(";", directives);

            return (headerName, headerValue);
        }