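/// <summary>
/// Specifies a Content Security Policy using the specified configuration action.
/// </summary>
/// <param name="builder">
/// The builder being used to configure the response headers.
/// </param>
/// <param name="optionsAction">
/// An action used to configure the Content Security Policy.
/// </param>
/// <returns>
/// A reference to <paramref name="builder"/> with the specified Content
/// Security Policy.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="optionsAction"/> is <c>null</c>.
/// </exception>
/// <remarks>
/// Directives whose string form is null or empty are skipped. If the action
/// configures no directives, the serialized policy is an empty string.
/// </remarks>
public static ResponseHeadersOptionsBuilder AddContentSecurityPolicy(this ResponseHeadersOptionsBuilder builder, Action<ContentSecurityPolicyBuilder> optionsAction)
{
    // Fail fast with a descriptive exception, as UseResponseHeaders does, rather
    // than a NullReferenceException after the caller's action has already run.
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    if (optionsAction == null)
    {
        throw new ArgumentNullException(nameof(optionsAction));
    }

    var cspBuilder = new ContentSecurityPolicyBuilder();
    optionsAction(cspBuilder);

    var directives = cspBuilder.Build()
        .Select(x => x.ToString())
        .Where(x => !string.IsNullOrEmpty(x));

    // NOTE(review): with no directives this passes "" on to the string overload.
    // How Add treats an empty value is not visible here; an empty policy places
    // no restrictions on the page, so confirm that case is handled deliberately.
    return builder.AddContentSecurityPolicy(string.Join(" ; ", directives));
}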
/// <summary>
/// Adds the HTTP response headers described by <paramref name="optionsAction"/>
/// to the application.
/// </summary>
/// <param name="app">The application builder to configure.</param>
/// <param name="optionsAction">
/// A callback that receives a new <see cref="ResponseHeadersOptionsBuilder"/>
/// and specifies the headers to add.
/// </param>
/// <returns>
/// The result of the <c>UseResponseHeaders</c> overload that accepts the built
/// options, called on <paramref name="app"/>.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> or <paramref name="optionsAction"/> is <c>null</c>.
/// </exception>
public static IApplicationBuilder UseResponseHeaders(this IApplicationBuilder app, Action<ResponseHeadersOptionsBuilder> optionsAction)
{
    if (app is null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    if (optionsAction is null)
    {
        throw new ArgumentNullException(nameof(optionsAction));
    }

    // Let the caller describe the headers, then hand the built options to the
    // overload that takes them.
    var headersBuilder = new ResponseHeadersOptionsBuilder();
    optionsAction.Invoke(headersBuilder);

    var options = headersBuilder.Build();
    return app.UseResponseHeaders(options);
}
/// <summary>
/// Adds a <c>Feature-Policy</c> response header with the given value.
/// </summary>
/// <param name="builder">
/// The builder being used to configure the response headers.
/// </param>
/// <param name="value">
/// A string that contains the serialized feature policy. It is passed to
/// <c>Add</c> unchanged.
/// </param>
/// <returns>
/// The value returned by <c>builder.Add</c> for the <c>Feature-Policy</c> header.
/// </returns>
/// <remarks>
/// NOTE(review): the Feature-Policy header has been superseded by
/// Permissions-Policy, which uses a different value syntax. Confirm that the
/// browsers this application targets still honour Feature-Policy.
/// </remarks>
public static ResponseHeadersOptionsBuilder AddFeaturePolicy(this ResponseHeadersOptionsBuilder builder, string value)
{
    return builder.Add("Feature-Policy", value);
}
/// <summary>
/// Adds a <c>Content-Security-Policy</c> response header with the given value.
/// </summary>
/// <param name="builder">
/// The builder being used to configure the response headers.
/// </param>
/// <param name="value">
/// A string that contains the serialized policy. This method does not parse
/// or validate it; it is passed to <c>Add</c> as given, so the caller is
/// responsible for supplying a well-formed policy.
/// </param>
/// <returns>
/// The value returned by <c>builder.Add</c> for the
/// <c>Content-Security-Policy</c> header.
/// </returns>
public static ResponseHeadersOptionsBuilder AddContentSecurityPolicy(this ResponseHeadersOptionsBuilder builder, string value)
    => builder.Add("Content-Security-Policy", value);
/// <summary>
/// Adds the <c>X-Content-Type-Options: nosniff</c> response header, which
/// tells user agents to block requests where the declared content type does
/// not match the expected content type.
/// </summary>
/// <param name="builder">
/// The builder being used to configure the response headers.
/// </param>
/// <returns>
/// The value returned by <c>builder.Add</c> for the
/// <c>X-Content-Type-Options</c> header.
/// </returns>
public static ResponseHeadersOptionsBuilder PreventContentTypeSniffing(this ResponseHeadersOptionsBuilder builder)
{
    return builder.Add("X-Content-Type-Options", "nosniff");
}