Exemplo n.º 1
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
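        /// <summary>
        /// Builds the HTTP request pipeline: error handling, HSTS, URL rewriting, path base,
        /// static files, authentication/authorization, security response headers and MVC routes.
        /// Middleware runs in the order it is registered here, so the order is part of the behavior.
        /// </summary>
        /// <param name="app">Application builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; selects the error page and whether HSTS is sent.</param>
        /// <param name="dasBlogSettings">Blog settings; supplies the site root URL and the permalink mode.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDasBlogSettings dasBlogSettings)
        {
            (var siteOk, var siteError) = RepairSite(app);

            if (env.IsDevelopment() || env.IsStaging())
            {
                // NOTE(review): the developer exception page (stack traces, request details) is also
                // enabled for Staging; confirm staging is not reachable by untrusted clients.
                app.UseDeveloperExceptionPage();
                //app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/home/error");
            }

            if (env.IsStaging() || env.IsProduction())
            {
                // NOTE(review): UseForwardedHeaders is registered further down, so behind a
                // TLS-terminating proxy this middleware sees the proxy-to-app scheme. If it only
                // emits HSTS on HTTPS requests, the header may never be sent; verify in deployment.
                app.UseHsts(options => options.MaxAge(days: 30));
            }

            if (!siteOk)
            {
                // Terminal handler: every request gets the repair error and nothing else is registered.
                // NOTE(review): siteError is returned verbatim to any client; what it contains is not
                // visible here, so confirm it holds no paths or other internal detail.
                app.Run(async context => await context.Response.WriteAsync(siteError));
                return;
            }

            var rewriteOptions = new RewriteOptions()
                                 .AddIISUrlRewrite(env.ContentRootFileProvider, IISUrlRewriteConfigPath);

            app.UseRewriter(rewriteOptions);
            // NOTE(review): UseRouting is registered again after authentication below; kept as in
            // the original because removing either call changes where route matching happens.
            app.UseRouting();

            //if you've configured it at /blog or /whatever, set that pathbase so ~ will generate correctly
            var rootUri = new Uri(dasBlogSettings.SiteConfiguration.Root);
            var path = rootUri.AbsolutePath;

            //Deal with path base and proxies that change the request path
            if (path != "/")
            {
                app.Use((context, next) =>
                {
                    context.Request.PathBase = new PathString(path);
                    return next.Invoke();
                });
            }

            // NOTE(review): forwarded headers are normally processed before any middleware that
            // reads scheme, host or client IP (HSTS, rewriter). Left in place here because moving it
            // changes request processing; review together with the ForwardedHeadersOptions setup.
            app.UseForwardedHeaders();

            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(BinariesPath),
                RequestPath = $"/{BinariesUrlRelativePath}"
            });

            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "Themes")),
                RequestPath = "/theme"
            });

            app.UseAuthentication();
            app.Use(PopulateThreadCurrentPrincipalForMvc);
            app.UseRouting();
            app.UseAuthorization();

            // NOTE(review): the header middleware below is registered after the static file
            // middleware, which ends the request when it serves a file. Files served from the
            // three static locations above therefore do not get nosniff, X-Frame-Options or CSP.
            app.UseXContentTypeOptions();
            app.UseXXssProtection(options => options.EnabledWithBlockMode());
            app.UseXfo(options => options.SameOrigin());
            app.UseReferrerPolicy(opts => opts.NoReferrerWhenDowngrade());

            // When either source list is missing, no Content-Security-Policy is sent at all.
            if (SecurityStyleSources != null && SecurityScriptSources != null)
            {
                // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', and default-src
                // allows any https: origin plus data:. This policy gives little protection against
                // injected script; tighten once inline scripts and eval use are removed.
                app.UseCsp(options => options
                           .DefaultSources(s => s.Self()
                                           .CustomSources("data:")
                                           .CustomSources("https:"))
                           .StyleSources(s => s.Self()
                                         .CustomSources(SecurityStyleSources)
                                         .UnsafeInline()
                                         )
                           .ScriptSources(s => s.Self()
                                          .CustomSources(SecurityScriptSources)
                                          .UnsafeInline()
                                          .UnsafeEval()
                                          )
                           );
            }

            app.Use(async (context, next) =>
            {
                // Indexer assignment instead of Headers.Add: Add throws if the header is already
                // present on the response, the indexer sets or replaces it.
                context.Response.Headers["Feature-Policy"] = "geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';";
                await next.Invoke();
            });

            app.UseLoggingAgent();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapHealthChecks("/healthcheck");

                // NOTE(review): the "New Post Format" routes default "postitle" (one t), which is not
                // a parameter of the template, so {posttitle} stays required there. Kept as is:
                // correcting the spelling would make the segment optional and could let "~/" match
                // the post route ahead of the default route. Confirm before changing.
                if (dasBlogSettings.SiteConfiguration.EnableTitlePermaLinkUnique)
                {
                    endpoints.MapControllerRoute(
                        "Original Post Format",
                        "~/{year:int}/{month:int}/{day:int}/{posttitle}.aspx",
                        new { controller = "BlogPost", action = "Post", posttitle = "" });

                    endpoints.MapControllerRoute(
                        "New Post Format",
                        "~/{year:int}/{month:int}/{day:int}/{posttitle}",
                        new { controller = "BlogPost", action = "Post", postitle = "" });
                }
                else
                {
                    endpoints.MapControllerRoute(
                        "Original Post Format",
                        "~/{posttitle}.aspx",
                        new { controller = "BlogPost", action = "Post", posttitle = "" });

                    endpoints.MapControllerRoute(
                        "New Post Format",
                        "~/{posttitle}",
                        new { controller = "BlogPost", action = "Post", postitle = "" });
                }

                endpoints.MapControllerRoute(
                    name: "default", pattern: "~/{controller=Home}/{action=Index}/{id?}");
            });
        }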
Exemplo n.º 2
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
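        /// <summary>
        /// Builds the HTTP request pipeline: error handling, HSTS, URL rewriting, path base,
        /// cached static files, authentication/authorization, security response headers and MVC routes.
        /// Middleware runs in the order it is registered here, so the order is part of the behavior.
        /// </summary>
        /// <param name="app">Application builder the middleware is registered on.</param>
        /// <param name="env">Hosting environment; selects the error page and whether HSTS is sent.</param>
        /// <param name="dasBlogSettings">Blog settings; supplies the site root URL and the permalink mode.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDasBlogSettings dasBlogSettings)
        {
            (var siteOk, var siteError) = RepairSite(app);

            if (env.IsDevelopment() || env.IsStaging())
            {
                // NOTE(review): the developer exception page (stack traces, request details) is also
                // enabled for Staging; confirm staging is not reachable by untrusted clients.
                app.UseDeveloperExceptionPage();
                //app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/home/error");
            }

            if (env.IsStaging() || env.IsProduction())
            {
                // NOTE(review): UseForwardedHeaders is registered further down, so behind a
                // TLS-terminating proxy this middleware sees the proxy-to-app scheme. If it only
                // emits HSTS on HTTPS requests, the header may never be sent; verify in deployment.
                app.UseHsts(options => options.MaxAge(days: 30));
            }

            if (!siteOk)
            {
                // Terminal handler: every request gets the repair error and nothing else is registered.
                // NOTE(review): siteError is returned verbatim to any client; what it contains is not
                // visible here, so confirm it holds no paths or other internal detail.
                app.Run(async context => await context.Response.WriteAsync(siteError));
                return;
            }

            var rewriteOptions = new RewriteOptions()
                                 .AddIISUrlRewrite(env.ContentRootFileProvider, IISUrlRewriteConfigPath);

            app.UseRewriter(rewriteOptions);
            // NOTE(review): UseRouting is registered again after authentication below; kept as in
            // the original because removing either call changes where route matching happens.
            app.UseRouting();

            //if you've configured it at /blog or /whatever, set that pathbase so ~ will generate correctly
            var rootUri = new Uri(dasBlogSettings.SiteConfiguration.Root);
            var path = rootUri.AbsolutePath;

            //Deal with path base and proxies that change the request path
            if (path != "/")
            {
                app.Use((context, next) =>
                {
                    context.Request.PathBase = new PathString(path);
                    return next.Invoke();
                });
            }

            // NOTE(review): forwarded headers are normally processed before any middleware that
            // reads scheme, host or client IP (HSTS, rewriter). Left in place here because moving it
            // changes request processing; review together with the ForwardedHeadersOptions setup.
            app.UseForwardedHeaders();

            app.UseStaticFiles();
            app.UseCookiePolicy();

            // Marks static responses as publicly cacheable for one day. Expires is derived from the
            // same duration as max-age (the original sent max-age of 24 h with Expires at 12 h;
            // caches that honor Cache-Control already used the 24 h value).
            Action<StaticFileResponseContext> cacheControlPrepResponse = ctx =>
            {
                const int durationInSeconds = 60 * 60 * 24;
                var headers = ctx.Context.Response.Headers;
                headers[HeaderNames.CacheControl] = $"public,max-age={durationInSeconds}";
                headers[HeaderNames.Expires] = DateTime.UtcNow.AddSeconds(durationInSeconds).ToString("R");
            };

            // Registered once; the original registered this identical middleware twice in a row,
            // and the second copy could only see requests the first had already passed on.
            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(BinariesPath),
                RequestPath = $"/{BinariesUrlRelativePath}",
                OnPrepareResponse = cacheControlPrepResponse
            });

            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "content/radioStories")),
                RequestPath = "/content/radioStories",
                OnPrepareResponse = cacheControlPrepResponse
            });

            // The Themes folder is exposed under both /theme and /themes.
            var themesProvider = Path.Combine(env.ContentRootPath, "Themes");

            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(themesProvider),
                RequestPath = "/theme",
                OnPrepareResponse = cacheControlPrepResponse
            });

            app.UseStaticFiles(new StaticFileOptions
            {
                FileProvider = new PhysicalFileProvider(themesProvider),
                RequestPath = "/themes",
                OnPrepareResponse = cacheControlPrepResponse
            });

            app.UseAuthentication();
            app.Use(PopulateThreadCurrentPrincipalForMvc);
            app.UseRouting();
            app.UseAuthorization();

            // NOTE(review): the header middleware below is registered after the static file
            // middleware, which ends the request when it serves a file. Files served from the
            // static locations above therefore do not get nosniff, X-Frame-Options or CSP.
            app.UseXContentTypeOptions();
            app.UseXXssProtection(options => options.EnabledWithBlockMode());
            app.UseXfo(options => options.SameOrigin());
            app.UseReferrerPolicy(opts => opts.NoReferrerWhenDowngrade());

            // Each setting is a ';'-separated list of CSP sources; a missing value yields null.
            var scriptSources = Configuration.GetSection("SecurityScriptSources")?.Value?.Split(";");
            var styleSources = Configuration.GetSection("SecurityStyleSources")?.Value?.Split(";");
            var defaultSources = Configuration.GetSection("DefaultSources")?.Value?.Split(";");

            // NOTE(review): if any of the three settings is missing, no Content-Security-Policy is
            // sent at all and nothing is logged; consider failing loudly on a missing setting.
            if (styleSources != null && scriptSources != null && defaultSources != null)
            {
                // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so this policy
                // gives little protection against injected script; tighten once inline scripts and
                // eval use are removed.
                app.UseCsp(options => options
                           .DefaultSources(s => s.Self()
                                           .CustomSources(defaultSources)
                                           )
                           .StyleSources(s => s.Self()
                                         .CustomSources(styleSources)
                                         .UnsafeInline()
                                         )
                           .ScriptSources(s => s.Self()
                                          .CustomSources(scriptSources)
                                          .UnsafeInline()
                                          .UnsafeEval()
                                          )
                           );
            }

            app.Use(async (context, next) =>
            {
                //being renamed/changed to this soon
                // Indexer assignment instead of Headers.Add: Add throws if the header is already
                // present on the response, the indexer sets or replaces it.
                context.Response.Headers["Permissions-Policy"] = "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
                await next.Invoke();
            });

            app.UseLoggingAgent();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapHealthChecks("/healthcheck");

                // NOTE(review): the "New Post Format" routes default "postitle" (one t), which is not
                // a parameter of the template, so {posttitle} stays required there. Kept as is:
                // correcting the spelling would make the segment optional and could let "~/" match
                // the post route ahead of the default route. Confirm before changing.
                if (dasBlogSettings.SiteConfiguration.EnableTitlePermaLinkUnique)
                {
                    endpoints.MapControllerRoute(
                        "Original Post Format",
                        "~/{year:int}/{month:int}/{day:int}/{posttitle}.aspx",
                        new { controller = "BlogPost", action = "Post", posttitle = "" });

                    endpoints.MapControllerRoute(
                        "New Post Format",
                        "~/{year:int}/{month:int}/{day:int}/{posttitle}",
                        new { controller = "BlogPost", action = "Post", postitle = "" });
                }
                else
                {
                    endpoints.MapControllerRoute(
                        "Original Post Format",
                        "~/{posttitle}.aspx",
                        new { controller = "BlogPost", action = "Post", posttitle = "" });

                    endpoints.MapControllerRoute(
                        "New Post Format",
                        "~/{posttitle}",
                        new { controller = "BlogPost", action = "Post", postitle = "" });
                }

                endpoints.MapControllerRoute(
                    name: "default", pattern: "~/{controller=Home}/{action=Index}/{id?}");
            });
        }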