        /// <summary>
        /// Specifies a Content Security Policy using the specified configuration action.
        /// </summary>
        /// <param name="builder">
        /// The builder being used to configure the response headers.
        /// </param>
        /// <param name="optionsAction">
        /// An action used to configure the Content Security Policy.
        /// </param>
        /// <returns>
        /// A reference to <paramref name="builder"/> with the specified Content
        /// Security Policy.
        /// </returns>
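        public static ResponseHeadersOptionsBuilder AddContentSecurityPolicy(this ResponseHeadersOptionsBuilder builder, Action<ContentSecurityPolicyBuilder> optionsAction)
        {
            // Fail fast with a named argument, in the same way UseResponseHeaders does,
            // instead of surfacing a NullReferenceException from deeper in the call.
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (optionsAction == null)
            {
                throw new ArgumentNullException(nameof(optionsAction));
            }

            var cspBuilder = new ContentSecurityPolicyBuilder();

            optionsAction(cspBuilder);

            // Directives that serialize to null or an empty string are dropped so the
            // header does not contain empty segments between separators.
            var directives = cspBuilder.Build()
                             .Select(x => x.ToString())
                             .Where(x => !string.IsNullOrEmpty(x));

            // NOTE(review): the serialized directives are joined verbatim. Nothing here
            // rejects a ';' or a line break inside a directive, so sources and other
            // directive values should come from trusted configuration, not request data;
            // confirm whether ContentSecurityPolicyBuilder validates them.
            // NOTE(review): if every directive is filtered out the header value is an
            // empty string, which enforces no policy - confirm that this is intended.
            return builder.AddContentSecurityPolicy(string.Join(" ; ", directives));
        }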
        /// <summary>
        /// Specifies additional HTTP headers to add to responses.
        /// </summary>
        /// <param name="app">The builder to configure.</param>
        /// <param name="optionsAction">
        /// An action used to specify the headers to add.
        /// </param>
        /// <returns>
        /// A reference to <paramref name="app"/> with the configured response headers.
        /// </returns>
        public static IApplicationBuilder UseResponseHeaders(this IApplicationBuilder app, Action<ResponseHeadersOptionsBuilder> optionsAction)
        {
            // Reject missing arguments up front so the caller gets the offending
            // parameter name rather than a failure further down the pipeline setup.
            if (app is null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            if (optionsAction is null)
            {
                throw new ArgumentNullException(nameof(optionsAction));
            }

            // Let the caller populate a fresh builder, then pass the built options
            // to the UseResponseHeaders overload that accepts them directly.
            var headersBuilder = new ResponseHeadersOptionsBuilder();
            optionsAction(headersBuilder);

            var options = headersBuilder.Build();
            return app.UseResponseHeaders(options);
        }
 /// <summary>
 /// Specifies a feature policy.
 /// </summary>
 /// <param name="builder">
 /// The builder being used to configure the response headers.
 /// </param>
 /// <param name="value">
 /// A string that contains the serialized feature policy.
 /// </param>
 /// <returns>
 /// A reference to <paramref name="builder"/> with the specified feature
 /// policy.
 /// </returns>
 public static ResponseHeadersOptionsBuilder AddFeaturePolicy(this ResponseHeadersOptionsBuilder builder, string value)
 {
     // The serialized policy is passed through unchanged as the header value.
     // NOTE(review): browsers have moved from Feature-Policy to the
     // Permissions-Policy header, which uses a different value syntax; a policy
     // sent only under this name may not be enforced by current user agents.
     return builder.Add("Feature-Policy", value);
 }
 /// <summary>
 /// Specifies a Content Security Policy.
 /// </summary>
 /// <param name="builder">
 /// The builder being used to configure the response headers.
 /// </param>
 /// <param name="value">A string that contains the serialized policy.</param>
 /// <returns>
 /// A reference to <paramref name="builder"/> with the specified Content
 /// Security Policy.
 /// </returns>
 public static ResponseHeadersOptionsBuilder AddContentSecurityPolicy(this ResponseHeadersOptionsBuilder builder, string value)
     // The caller-supplied policy string is used as the header value as-is; this
     // method does not parse or validate it.
     => builder.Add("Content-Security-Policy", value);
 /// <summary>
 /// Specifies that user agents should block requests where the declared
 /// content type does not match the expected content type.
 /// </summary>
 /// <param name="builder">
 /// The builder being used to configure the response headers.
 /// </param>
 /// <returns>
 /// A reference to <paramref name="builder"/> with content type sniffing prevention.
 /// </returns>
 public static ResponseHeadersOptionsBuilder PreventContentTypeSniffing(this ResponseHeadersOptionsBuilder builder)
 {
     // "nosniff" tells the user agent to trust the declared Content-Type and
     // not guess a different type from the response body.
     return builder.Add("X-Content-Type-Options", "nosniff");
 }