public XXssMiddleware(AppFunc next, XXssProtectionOptions options)
: base(next)
{
_config = options;
var headerGenerator = new HeaderGenerator();
_headerResult = headerGenerator.CreateXXssProtectionResult(_config);
}
public void EnabledAndBlockedByDefault_ResultIsCorrect()
{
var options = new XXssProtectionOptions();
Assert.True(options.EnableProtection);
Assert.True(options.EnableAttackBlock);
}
public void EnabledAndBlockedAreOffWhenSet_ResultIsCorrect()
{
var options = new XXssProtectionOptions(false, false);
Assert.False(options.EnableProtection);
Assert.False(options.EnableAttackBlock);
}
public XXssMiddleware(RequestDelegate next, XXssProtectionOptions options)
: base(next)
{
_config = options;
var headerGenerator = new HeaderGenerator();
_headerResult = headerGenerator.CreateXXssProtectionResult(_config);
}
/// <summary>
/// Adds a middleware to the ASP.NET Core pipeline that sets the X-Xss-Protection header.
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder" /> to which the middleware is added.</param>
/// <param name="configurer">An <see cref="Action" /> that configures the options for the middleware.</param>
/// <returns>The <see cref="IApplicationBuilder" /> supplied in the app parameter.</returns>
public static IApplicationBuilder UseXXssProtection(this IApplicationBuilder app, Action <IFluentXXssProtectionOptions> configurer)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (configurer == null)
{
throw new ArgumentNullException(nameof(configurer));
}
var options = new XXssProtectionOptions();
configurer(options);
return(app.UseMiddleware <XXssMiddleware>(options));
}
public XXSSProtectionMiddleware(XXssProtectionOptions options)
{
Options = options ?? throw new ArgumentNullException(nameof(options));
_headerValue = Options.ToString();
}
public static IServiceCollection AddXXSSProtection(this IServiceCollection services, XXssProtectionOptions options)
{
services.AddSingleton <XXSSProtectionMiddleware>();
services.AddSingleton(options);
return(services);
}
public XXssProtectionOptionsTests()
{
_options = new XXssProtectionOptions();
}
public XXSSProtectionMiddleware(RequestDelegate next, XXssProtectionOptions options)
{
_next = next;
Options = options ?? throw new ArgumentNullException(nameof(options));
_headerValue = Options.ToString();
}
/// <summary>
/// Adds the X-XSS-Protection header to each response with text/html media type.
/// </summary>
/// <param name="app"></param>
/// <param name="options"></param>
public static void UseXXSSProtection(this IApplicationBuilder app, XXssProtectionOptions options)
{
app.UseMiddleware <XXSSProtectionMiddleware>(options);
}
public void Setup()
{
_options = new XXssProtectionOptions();
}
