public CspOptions BuildCspOptions() { _options.Script = AllowScripts.BuildOptions(); _options.Style = AllowStyles.BuildOptions(); #pragma warning disable CS0618 // Type or member is obsolete _options.Child = AllowChildren.BuildOptions(); #pragma warning restore CS0618 // Type or member is obsolete _options.Connect = AllowConnections.BuildOptions(); _options.Manifest = AllowManifest.BuildOptions(); _options.Default = ByDefaultAllow.BuildOptions(); _options.Font = AllowFonts.BuildOptions(); _options.FormAction = AllowFormActions.BuildOptions(); _options.FrameAncestors = AllowFraming.BuildOptions(); _options.Img = AllowImages.BuildOptions(); _options.Media = AllowAudioAndVideo.BuildOptions(); Tuple <CspObjectSrcOptions, CspPluginTypesOptions> pluginOptions = AllowPlugins.BuildOptions(); _options.Object = pluginOptions.Item1; _options.PluginTypes = pluginOptions.Item2; _options.Sandbox = _sandboxBuilder.BuildOptions(); _options.Frame = AllowFrames.BuildOptions(); _options.Worker = AllowWorkers.BuildOptions(); _options.Prefetch = AllowPrefetch.BuildOptions(); _options.BaseUri = AllowBaseUri.BuildOptions(); _options.RequireSri = RequireSri.BuildOptions(); _options.OnSendingHeader = OnSendingHeader; return(_options); }
public (string headerName, string headerValue) ToString(ICspNonceService nonceService) { string headerName; if (ReportOnly) { headerName = "Content-Security-Policy-Report-Only"; } else { headerName = "Content-Security-Policy"; } var values = new List <string> { Default.ToString(nonceService), Script.ToString(nonceService), Style.ToString(nonceService), #pragma warning disable CS0618 // Type or member is obsolete Child.ToString(nonceService), #pragma warning restore CS0618 // Type or member is obsolete Connect.ToString(nonceService), Manifest.ToString(nonceService), Font.ToString(nonceService), FormAction.ToString(nonceService), Img.ToString(nonceService), Media.ToString(nonceService), Object.ToString(nonceService), FrameAncestors.ToString(), PluginTypes.ToString(), Frame.ToString(nonceService), Worker.ToString(nonceService), Prefetch.ToString(nonceService), BaseUri.ToString(nonceService), RequireSri.ToString() }; if (BlockAllMixedContent) { values.Insert(0, "block-all-mixed-content"); } if (UpgradeInsecureRequests) { values.Insert(0, "upgrade-insecure-requests"); } if (EnableSandbox) { values.Add(Sandbox.ToString()); } if (ReportUri != null) { values.Add("report-uri " + ReportUri); } string headerValue = string.Join(";", values.Where(s => s.Length > 0)); return(headerName, headerValue); }