public async Task Invoke(HttpContext context)
{
// Check if a CSP header has already been added to the response
// This can happen for example if a middleware re-executes the pipeline
if (!ContainsCspHeader(context.Response))
{
var sendingHeaderContext = new CspSendingHeaderContext(context);
//Call the per-request check if CSP should be sent
await _options.OnSendingHeader(sendingHeaderContext);
if (!sendingHeaderContext.ShouldNotSend)
{
string headerName;
string headerValue;
if (_options.IsNonceNeeded)
{
var nonceService = (ICspNonceService)context.RequestServices.GetService(typeof(ICspNonceService));
(headerName, headerValue) = _options.ToString(nonceService);
}
else
{
headerName = _headerName;
headerValue = _headerValue;
}
context.Response.Headers.Add(headerName, headerValue);
}
}
await _next.Invoke(context);
}
public async Task Invoke(HttpContext context)
{
var sendingHeaderContext = new CspSendingHeaderContext(context);
//Call the per-request check if CSP should be sent
await _options.OnSendingHeader(sendingHeaderContext);
if (!sendingHeaderContext.ShouldNotSend)
{
string headerName;
string headerValue;
if (_options.IsNonceNeeded)
{
var nonceService = (ICspNonceService)context.RequestServices.GetService(typeof(ICspNonceService));
(headerName, headerValue) = _options.ToString(nonceService);
}
else
{
headerName = _headerName;
headerValue = _headerValue;
}
context.Response.Headers.Add(headerName, headerValue);
}
await _next.Invoke(context);
}
