/// <summary> /// Adds a <c>X-XSS-Protection</c> header to the response. /// </summary> /// <param name="builder"></param> /// <param name="enabled">Determines whether the header value is <c>1</c> or <c>0</c>.</param> /// <param name="mode">Appends the block mode to the header value, e.g. <c>; mode=deny</c>.</param> /// <returns></returns> public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, bool enabled = true, XXSSProtectionMode mode = XXSSProtectionMode.Block) { var options = new XXSSProtectionHeaderOptions { Enabled = enabled, Mode = mode }; return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options))); }
private static string BuildHeaderValue(XXSSProtectionHeaderOptions options) { var value = $"{Convert.ToInt32(options.Enabled)}"; if (options.Enabled && options.Mode == XXSSProtectionMode.Block) { value += "; mode=block"; } return(value); }
/// <summary> /// Adds a <c>X-XSS-Protection</c> header to the response. /// </summary> /// <param name="builder"></param> /// <param name="options">The options configuring the <c>X-XSS-Protection</c> header value.</param> /// <returns></returns> public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, XXSSProtectionHeaderOptions options) { return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options))); }