示例#1
 /// <summary>
 /// Initializes a new instance of the <see cref="ReferrerPolicyAttribute"/> class, configured with the supplied policy.
 /// </summary>
 /// <param name="policy">The referrer policy to use; it is converted with <c>MapToCoreType()</c> before being stored in the configuration.</param>
 public ReferrerPolicyAttribute(ReferrerPolicy policy)
 {
     // Build the configuration in a local so the field is only assigned once the policy has been mapped.
     var referrerConfig = new ReferrerPolicyConfiguration();
     referrerConfig.Policy = policy.MapToCoreType();
     _config = referrerConfig;

     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#2
 /// <summary>
 /// Creates the sandbox directive override, switched on by default, and the two override helpers.
 /// </summary>
 protected CspSandboxAttributeBase()
 {
     // The override starts out enabled; nothing else is set on it here.
     var sandboxOverride = new CspSandboxOverride();
     sandboxOverride.Enabled = true;
     _directive = sandboxOverride;

     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
示例#3
 /// <summary>
 /// Creates the mixed-content directive override, switched on by default, and the two override helpers.
 /// </summary>
 protected CspBlockAllMixedContentAttributeBase()
 {
     var mixedContentOverride = new CspMixedContentOverride();
     mixedContentOverride.Enabled = true;
     _directive = mixedContentOverride;

     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#4
 /// <summary>
 /// Creates the CSP header configuration, switched on by default, and the two override helpers.
 /// </summary>
 protected CspAttributeBase()
 {
     // NOTE(review): whether this drives the enforced or the report-only header is decided by the
     // derived attribute, which is not visible here.
     var headerConfig = new CspHeaderConfiguration();
     headerConfig.Enabled = true;
     _config = headerConfig;

     _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
 /// <summary>
 /// Creates the report-uri directive configuration, switched on by default, and the two override helpers.
 /// </summary>
 protected CspReportUriAttributeBase()
 {
     // Only Enabled is set here; any report URIs must be supplied elsewhere on the attribute.
     var reportUriConfig = new CspReportUriDirectiveConfiguration();
     reportUriConfig.Enabled = true;
     _directive = reportUriConfig;

     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#6
 /// <summary>
 /// Initializes a new instance of the <see cref="XXssProtectionAttribute"/> class with the filter enabled and block mode on.
 /// </summary>
 public XXssProtectionAttribute()
 {
     // NOTE(review): FilterEnabled + BlockMode presumably produces "X-XSS-Protection: 1; mode=block";
     // confirm against the header generator. Most current browsers no longer ship an XSS auditor, so
     // treat this header as defence in depth for legacy clients and rely on CSP as the main control.
     var xssConfig = new XXssProtectionConfiguration();
     xssConfig.Policy = XXssPolicy.FilterEnabled;
     xssConfig.BlockMode = true;
     _config = xssConfig;

     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#7
 /// <summary>
 /// Initializes a new instance of the <see cref="XDownloadOptionsAttribute"/> class with the header enabled.
 /// </summary>
 public XDownloadOptionsAttribute()
 {
     // The attribute is on by default; the configuration carries nothing but that flag.
     var downloadOptionsConfig = new SimpleBooleanConfiguration();
     downloadOptionsConfig.Enabled = true;
     _config = downloadOptionsConfig;

     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#8
 /// <summary>
 /// Initializes a new instance of the <see cref="XRobotsTagAttribute"/> class with the header enabled.
 /// </summary>
 public XRobotsTagAttribute()
 {
     // Only Enabled is set here; the individual robots directives are configured elsewhere.
     var robotsConfig = new XRobotsTagConfiguration();
     robotsConfig.Enabled = true;
     _config = robotsConfig;

     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper(new CspReportHelper());
 }
示例#9
 /// <summary>
 /// Initializes a new instance of the <see cref="XFrameOptionsAttribute"/> class with the policy set to <c>XfoPolicy.Deny</c>.
 /// </summary>
 public XFrameOptionsAttribute()
 {
     // Deny is the default chosen here. NOTE(review): presumably emitted as "X-Frame-Options: DENY",
     // i.e. no framing at all; confirm against the header generator before relaxing it.
     var frameOptionsConfig = new XFrameOptionsConfiguration();
     frameOptionsConfig.Policy = XfoPolicy.Deny;
     _config = frameOptionsConfig;

     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
示例#10
 /// <summary>
 /// Initializes a new instance of the <see cref="SetNoCacheHttpHeadersAttribute"/> class with the no-cache headers enabled.
 /// </summary>
 public SetNoCacheHttpHeadersAttribute()
 {
     // The attribute is on by default; the configuration carries nothing but that flag.
     var noCacheConfig = new SimpleBooleanConfiguration();
     noCacheConfig.Enabled = true;
     _config = noCacheConfig;

     _configurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="XContentTypeOptionsAttribute"/> class with the header enabled.
 /// </summary>
 public XContentTypeOptionsAttribute()
 {
     // The attribute is on by default; the configuration carries nothing but that flag.
     var contentTypeOptionsConfig = new SimpleBooleanConfiguration();
     contentTypeOptionsConfig.Enabled = true;
     _config = contentTypeOptionsConfig;

     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
示例#12
 /// <summary>
 /// Creates the directive override, enabled and set to inherit other sources, and the two override helpers.
 /// </summary>
 protected CspDirectiveAttributeBase()
 {
     // NOTE(review): InheritOtherSources presumably merges this attribute's sources with sources
     // configured at a broader scope instead of replacing them; confirm, because that decides
     // whether an attribute can narrow a site-wide policy or only add to it.
     var directiveOverride = new CspDirectiveOverride();
     directiveOverride.Enabled = true;
     directiveOverride.InheritOtherSources = true;
     DirectiveConfig = directiveOverride;

     _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
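        /// <summary>
        /// Creates the plugin-types directive override, enabled and inheriting media types, and optionally seeds it with <paramref name="mediaTypes"/>.
        /// </summary>
        /// <param name="mediaTypes">Media types to assign to the override. A null or empty array leaves the override's media types unset.</param>
        protected CspPluginTypesAttributeBase(params string[] mediaTypes)
        {
            _directive = new CspPluginTypesOverride {
                Enabled = true, InheritMediaTypes = true
            };
            _configurationOverrideHelper = new CspConfigurationOverrideHelper();
            _headerOverrideHelper        = new HeaderOverrideHelper();

            // A params array can still be passed as an explicit null. Treat that like "no media types"
            // rather than failing with a NullReferenceException while the attribute is constructed.
            // NOTE(review): no validation of the individual values is visible in this constructor;
            // confirm they are checked against the RFC 2045 media-type grammar before reaching the header.
            if (mediaTypes != null && mediaTypes.Length > 0)
            {
                _directive.MediaTypes = mediaTypes;
            }
        }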
示例#14
        /// <summary>
        /// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
        /// </summary>
        /// <remarks>
        /// The nonce comes from <c>GetCspStyleNonce</c>, which is not shown here, so its length and randomness are decided there.
        /// A nonce only protects if it is unpredictable and unique to the response, so pages using this helper should not be
        /// served from an output or shared cache.
        /// </remarks>
        /// <param name="helper">The HTML helper of the view being rendered; its <c>ViewContext.HttpContext</c> is used.</param>
        /// <returns>The markup produced by <c>CreateNonceAttribute</c> for the current style nonce.</returns>
        public static IHtmlString CspStyleNonce(this HtmlHelper helper)
        {
            var httpContext = helper.ViewContext.HttpContext;
            var configOverrides = new CspConfigurationOverrideHelper();
            var headerOverrides = new HeaderOverrideHelper();

            // Fetch the nonce before the headers are rewritten below.
            var styleNonce = configOverrides.GetCspStyleNonce(httpContext);

            // The marker in Items makes the header rewrite happen once per context, however many
            // times the helper is called from the view.
            var headersAlreadyRewritten = httpContext.Items["NWebsecStyleNonceSet"] != null;
            if (!headersAlreadyRewritten)
            {
                httpContext.Items["NWebsecStyleNonceSet"] = "set";
                // NOTE(review): the boolean presumably selects the enforced (false) and the
                // report-only (true) CSP header; confirm against HeaderOverrideHelper.
                headerOverrides.SetCspHeaders(httpContext, false);
                headerOverrides.SetCspHeaders(httpContext, true);
            }

            return CreateNonceAttribute(helper, styleNonce);
        }
示例#15
        /// <summary>
        /// Generates a CSP nonce HTML attribute. The 120-bit random nonce will be included in the CSP style-src directive.
        /// </summary>
        /// <remarks>
        /// The nonce comes from <c>GetCspStyleNonce</c>, which is not shown here, so its length and randomness are decided there.
        /// A nonce only protects if it is unpredictable and unique to the response, so pages using this helper should not be
        /// served from an output or shared cache.
        /// </remarks>
        /// <param name="helper">The HTML helper of the view being rendered; its <c>ViewContext.HttpContext</c> is wrapped and used.</param>
        /// <returns>The markup produced by <c>CreateNonceAttribute</c> for the current style nonce.</returns>
        public static IHtmlString CspStyleNonce(this HtmlHelper helper)
        {
            var wrappedContext = new HttpContextWrapper(helper.ViewContext.HttpContext);
            var configOverrides = new CspConfigurationOverrideHelper();
            var headerOverrides = new HeaderOverrideHelper(new CspReportHelper());

            // Fetch the nonce before the headers are rewritten below.
            var styleNonce = configOverrides.GetCspStyleNonce(wrappedContext);

            // The stored marker makes the header rewrite happen once per context, however many
            // times the helper is called from the view.
            var headersAlreadyRewritten = wrappedContext.GetItem<string>("NWebsecStyleNonceSet") != null;
            if (!headersAlreadyRewritten)
            {
                wrappedContext.SetItem("NWebsecStyleNonceSet", "set");
                // NOTE(review): the boolean presumably selects the enforced (false) and the
                // report-only (true) CSP header; confirm against HeaderOverrideHelper.
                headerOverrides.SetCspHeaders(wrappedContext, false);
                headerOverrides.SetCspHeaders(wrappedContext, true);
            }

            return CreateNonceAttribute(helper, styleNonce);
        }
示例#16
        /// <summary>
        /// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag. The media type will be included in the CSP plugin-types directive.
        /// </summary>
        /// <remarks>
        /// The media type is checked by <c>Rfc2045MediaTypeValidator</c> before anything else happens, and it is
        /// attribute-encoded before it is placed in the returned markup.
        /// </remarks>
        /// <param name="helper">The HTML helper of the view being rendered; its <c>ViewContext.HttpContext</c> is used.</param>
        /// <param name="mediaType">The media type.</param>
        /// <returns>A <c>type="..."</c> attribute carrying the encoded media type.</returns>
        public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
        {
            // Validate first: the value ends up in both a response header and the page markup.
            // NOTE(review): Validate is assumed to throw on a malformed value; confirm in the validator.
            var validator = new Rfc2045MediaTypeValidator();
            validator.Validate(mediaType);

            var httpContext = helper.ViewContext.HttpContext;
            var configOverrides = new CspConfigurationOverrideHelper();
            var headerOverrides = new HeaderOverrideHelper();

            var pluginTypes = new CspPluginTypesOverride();
            pluginTypes.Enabled = true;
            pluginTypes.InheritMediaTypes = true;
            pluginTypes.MediaTypes = new[] { mediaType };

            // Register the override before the headers are regenerated.
            // NOTE(review): the boolean presumably selects the enforced (false) and the
            // report-only (true) policy; confirm against the helpers.
            configOverrides.SetCspPluginTypesOverride(httpContext, pluginTypes, false);
            configOverrides.SetCspPluginTypesOverride(httpContext, pluginTypes, true);

            headerOverrides.SetCspHeaders(httpContext, false);
            headerOverrides.SetCspHeaders(httpContext, true);

            // Attribute-encode even though the value was validated, so the quoting of the
            // attribute does not depend on the validator alone.
            var encodedMediaType = helper.AttributeEncode(mediaType);
            var markup = string.Format("type=\"{0}\"", encodedMediaType);

            return new HtmlString(markup);
        }
        /// <summary>
        /// Builds the strict mocks and the <c>HeaderOverrideHelper</c> under test.
        /// </summary>
        public void Setup()
        {
            // Strict mocks: a call that was not set up fails the test rather than returning a default.
            _contextHelper = new Mock<IContextConfigurationHelper>(MockBehavior.Strict);
            _configurationOverrideHelper = new Mock<IHeaderConfigurationOverrideHelper>(MockBehavior.Strict);
            _headerGenerator = new Mock<IHeaderGenerator>(MockBehavior.Strict);

            // The result handler accepts only this exact header result, for any response object.
            _expectedHeaderResult = new HeaderResult(HeaderResult.ResponseAction.Set, "ExpectedHeader", "ninjavalue");
            _headerResultHandler = new Mock<IHeaderResultHandler>(MockBehavior.Strict);
            _headerResultHandler.Setup(handler => handler.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult));

            _cspConfigurationOverrideHelper = new Mock<ICspConfigurationOverrideHelper>(MockBehavior.Strict);
            _reportHelper = new Mock<ICspReportHelper>(MockBehavior.Strict);

            _overrideHelper = new HeaderOverrideHelper(
                _contextHelper.Object,
                _configurationOverrideHelper.Object,
                _headerGenerator.Object,
                _headerResultHandler.Object,
                _cspConfigurationOverrideHelper.Object,
                _reportHelper.Object);

            // The context mock is created without MockBehavior.Strict, unlike the others.
            _mockContext = new Mock<HttpContextBase>().Object;
        }
示例#18
        /// <summary>
        /// Generates a media type attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag. The media type will be included in the CSP plugin-types directive.
        /// </summary>
        /// <remarks>
        /// The media type is checked by <c>Rfc2045MediaTypeValidator</c> before anything else happens, and it is
        /// passed through <c>helper.Encode</c> before it is placed in the returned markup.
        /// </remarks>
        /// <param name="helper">The HTML helper of the view being rendered; its <c>ViewContext.HttpContext</c> is used.</param>
        /// <param name="mediaType">The media type.</param>
        /// <returns>A <c>type="..."</c> attribute carrying the encoded media type.</returns>
        public static HtmlString CspMediaType(this IHtmlHelper<dynamic> helper, string mediaType)
        {
            // Validate first: the value ends up in both a response header and the page markup.
            // NOTE(review): Validate is assumed to throw on a malformed value; confirm in the validator.
            var validator = new Rfc2045MediaTypeValidator();
            validator.Validate(mediaType);

            var httpContext = helper.ViewContext.HttpContext;
            var configOverrides = new CspConfigurationOverrideHelper();
            var headerOverrides = new HeaderOverrideHelper();

            var pluginTypes = new CspPluginTypesOverride();
            pluginTypes.Enabled = true;
            pluginTypes.InheritMediaTypes = true;
            pluginTypes.MediaTypes = new[] { mediaType };

            // Register the override before the headers are regenerated.
            // NOTE(review): the boolean presumably selects the enforced (false) and the
            // report-only (true) policy; confirm against the helpers.
            configOverrides.SetCspPluginTypesOverride(httpContext, pluginTypes, false);
            configOverrides.SetCspPluginTypesOverride(httpContext, pluginTypes, true);

            headerOverrides.SetCspHeaders(httpContext, false);
            headerOverrides.SetCspHeaders(httpContext, true);

            //TODO have a look at the encoder.
            // The value lands inside a double-quoted attribute, so the encoder in use has to escape
            // quotation marks; verify that for the configured encoder when resolving the TODO.
            var encodedMediaType = helper.Encode(mediaType);
            var markup = $"type=\"{encodedMediaType}\"";

            return new HtmlString(markup);
        }