public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
context.Response.OnStarting(() =>
{
HttpResponse response = context.Response;
// check whether it is applicable
if (response.Headers.TryGetValue(HeaderNames.ContentType, out var values) &&
values.Any(v => v.StartsWith("text/html", StringComparison.OrdinalIgnoreCase)))
{
var effectiveValue = _headerValue;
// check for overwrite
if (context.Items.TryGetValue(nameof(FrameOptionsPolicy), out var policy))
{
effectiveValue = FrameOptionsDirective.ToString((FrameOptionsPolicy)policy);
}
response.Headers["X-Frame-Options"] = effectiveValue;
response.Headers["Frame-Options"] = effectiveValue;
}
return(Task.CompletedTask);
});
await next.Invoke(context);
}
public static IServiceCollection AddFrameOptions(this IServiceCollection services, Action <FrameOptionsDirective> configure)
{
FrameOptionsDirective options = new FrameOptionsDirective();
configure(options);
return(services.AddFrameOptions(options));
}
public FrameOptionsMiddleware(FrameOptionsDirective options)
{
Options = options ?? throw new ArgumentNullException(nameof(options));
_headerValue = Options.ToString();
}
public static IServiceCollection AddFrameOptions(this IServiceCollection services, FrameOptionsDirective options)
{
services.AddSingleton <FrameOptionsMiddleware>();
services.AddSingleton(options);
return(services);
}