/// <summary>
/// Adds a <c>X-XSS-Protection</c> header to the response.
/// </summary>
/// <param name="builder"></param>
/// <param name="enabled">Determines whether the header value is <c>1</c> or <c>0</c>.</param>
/// <param name="mode">Appends the block mode to the header value, e.g. <c>; mode=deny</c>.</param>
/// <returns></returns>
public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, bool enabled = true, XXSSProtectionMode mode = XXSSProtectionMode.Block)
{
var options = new XXSSProtectionHeaderOptions
{
Enabled = enabled,
Mode = mode
};
return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options)));
}
private static string BuildHeaderValue(XXSSProtectionHeaderOptions options)
{
var value = $"{Convert.ToInt32(options.Enabled)}";
if (options.Enabled && options.Mode == XXSSProtectionMode.Block)
{
value += "; mode=block";
}
return(value);
}
/// <summary>
/// Adds a <c>X-XSS-Protection</c> header to the response.
/// </summary>
/// <param name="builder"></param>
/// <param name="options">The options configuring the <c>X-XSS-Protection</c> header value.</param>
/// <returns></returns>
public static IApplicationBuilder UseXXSSProtectionHeader(this IApplicationBuilder builder, XXSSProtectionHeaderOptions options)
{
return(builder.UseMiddleware <XXSSProtectionHeaderMiddleware>(Options.Create(options)));
}
