Пример #1
0
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            context.Response.OnStarting(() =>
            {
                HttpResponse response = context.Response;

                // check whether it is applicable
                if (response.Headers.TryGetValue(HeaderNames.ContentType, out var values) &&
                    values.Any(v => v.StartsWith("text/html", StringComparison.OrdinalIgnoreCase)))
                {
                    var effectiveValue = _headerValue;

                    // check for overwrite
                    if (context.Items.TryGetValue(nameof(FrameOptionsPolicy), out var policy))
                    {
                        effectiveValue = FrameOptionsDirective.ToString((FrameOptionsPolicy)policy);
                    }

                    response.Headers["X-Frame-Options"] = effectiveValue;
                    response.Headers["Frame-Options"]   = effectiveValue;
                }

                return(Task.CompletedTask);
            });

            await next.Invoke(context);
        }
Пример #2
0
    public static IServiceCollection AddFrameOptions(this IServiceCollection services, Action <FrameOptionsDirective> configure)
    {
        FrameOptionsDirective options = new FrameOptionsDirective();

        configure(options);
        return(services.AddFrameOptions(options));
    }
Пример #3
0
 public FrameOptionsMiddleware(FrameOptionsDirective options)
 {
     Options      = options ?? throw new ArgumentNullException(nameof(options));
     _headerValue = Options.ToString();
 }
Пример #4
0
 public static IServiceCollection AddFrameOptions(this IServiceCollection services, FrameOptionsDirective options)
 {
     services.AddSingleton <FrameOptionsMiddleware>();
     services.AddSingleton(options);
     return(services);
 }