public XfoMiddleware(AppFunc next, XFrameOptions options) : base(next) { _config = options; var headerGenerator = new HeaderGenerator(); _headerResult = headerGenerator.CreateXfoResult(_config); }
public XfoMiddleware(RequestDelegate next, XFrameOptions options) : base(next) { _config = options; var headerGenerator = new HeaderGenerator(); _headerResult = headerGenerator.CreateXfoResult(_config); }
public static void Frameguard(this IAppBuilder app, XFrameOptions xFrameOptions, Uri uri = null) { if (app == null) { throw new ArgumentNullException(nameof(app)); } app.Use<FrameguardMiddleware>(xFrameOptions, uri); }
public static void Frameguard(this IAppBuilder app, XFrameOptions xFrameOptions, Uri uri = null) { if (app == null) { throw new ArgumentNullException(nameof(app)); } app.Use <FrameguardMiddleware>(xFrameOptions, uri); }
/// <summary> /// Declares a policy communicated from a host to the client browser on whether /// the browser must not display the transmitted content in frames of other web pages /// </summary> /// <param name="xFrameOption"> /// Whether or not we should allow rendering this site within a frame. /// Applicable values are: deny; sameorigin; and allowfrom /// </param> /// <param name="domain"> /// If allowfrom is supplied, this optional parameter describes the domain in which /// our site is permitted to be loaded within a frame /// </param> /// <remarks> /// If no value for <param name="xFrameOption"/> is rovided, then default one will be /// used. This default value is based on the OWASP best practises value for X-Frame-Options. /// </remarks> public static SecureHeadersMiddlewareConfiguration UseXFrameOptions (this SecureHeadersMiddlewareConfiguration config, XFrameOptions xFrameOption = XFrameOptions.Deny, string domain = null) { config.UseXFrameOptions = true; config.XFrameOptionsConfiguration = new XFrameOptionsConfiguration(xFrameOption, domain); return(config); }
public FrameguardMiddleware( OwinMiddleware next, XFrameOptions xFrameOptions, Uri uri = null) : base(next) { if (xFrameOptions == XFrameOptions.AllowFrom && uri == null) { throw new ArgumentNullException(nameof(uri)); } _xFrameOptions = xFrameOptions; _uri = uri; }
/// <summary> /// Adds a middleware to the ASP.NET Core pipeline that sets the X-Frame-Options header. /// </summary> /// <param name="app">The <see cref="IApplicationBuilder" /> to which the middleware is added.</param> /// <param name="configurer">An <see cref="Action" /> that configures the options for the middleware.</param> /// <returns>The <see cref="IApplicationBuilder" /> supplied in the app parameter.</returns> public static IApplicationBuilder UseXfo(this IApplicationBuilder app, Action <IFluentXFrameOptions> configurer) { if (app == null) { throw new ArgumentNullException(nameof(app)); } if (configurer == null) { throw new ArgumentNullException(nameof(configurer)); } var options = new XFrameOptions(); configurer(options); return(app.UseMiddleware <XfoMiddleware>(options)); }
public XFrameOptionsAttribute(XFrameOptions type, string allowFrom = null) { switch (type) { case XFrameOptions.Deny: Value = "deny"; break; case XFrameOptions.SameOrigin: Value = "deny"; break; case XFrameOptions.AllowFrom: Value = $"allow-from {allowFrom}"; break; case XFrameOptions.AllowAll: Value = "allow-all"; break; default: throw new ArgumentOutOfRangeException(nameof(type), type, null); } }
/// <summary> /// The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. /// The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options. /// </summary> /// <param name="builder"></param> /// <param name="value"></param> /// <param name="allowFromUri"></param> /// <returns></returns> public static IApplicationBuilder AddXFrameOptions(this IApplicationBuilder builder, XFrameOptions value) { builder.Use((context, next) => { context.Response.SetXFrameOptions(value); return(next()); }); return(builder); }
public void Setup() { _options = new XFrameOptions(); }
public XFrameOptionsConfiguration(XFrameOptions xFrameOption, string allowFromDomain) { OptionValue = xFrameOption; AllowFromDomain = allowFromDomain; }
public XFrameOptionsTests() { _options = new XFrameOptions(); }