/// <summary>
/// When the active policy defines a CSP, registers the per-request inline-execution feature and
/// schedules the Content-Security-Policy header to be written as the response starts.
/// </summary>
/// <param name="context">HTTP context of the request being processed.</param>
/// <remarks>
/// The header value is serialized inside the <c>OnStarting</c> callback, not at registration time,
/// so it uses the feature's Nonce, ScriptsHashes and StylesHashes as they stand when the response
/// begins. If the feature is no longer in the collection at that point, null is passed for all three.
/// NOTE(review): confirm the serialized policy is still acceptable in that case.
/// With <c>IsCspReportOnly</c> set, the report-only header name is used; browsers report
/// violations of a report-only policy but do not enforce it.
/// </remarks>
private void HandleCsp(HttpContext context)
{
    // Nothing to emit when the policy carries no CSP.
    if (_policy.Csp == null)
    {
        return;
    }

    var inlineExecutionFeature = new ContentSecurityPolicyInlineExecutionFeature(_policy.Csp, _hashesCache);
    context.Features.Set<IContentSecurityPolicyInlineExecutionFeature>(inlineExecutionFeature);

    context.Response.OnStarting(() =>
    {
        string headerName;
        if (_policy.IsCspReportOnly)
        {
            headerName = HeaderNames.ContentSecurityPolicyReportOnly;
        }
        else
        {
            headerName = HeaderNames.ContentSecurityPolicy;
        }

        // Re-read the feature from the collection rather than capturing the instance created above.
        var feature = context.Features.Get<IContentSecurityPolicyInlineExecutionFeature>();
        string headerValue = _policy.Csp.ToString(feature?.Nonce, feature?.ScriptsHashes, feature?.StylesHashes);

        context.Response.SetResponseHeader(headerName, headerValue);

        return _completedTask;
    });
}
/// <summary>
/// Creates a helper bound to the CSP inline-execution feature of the request rendering the view.
/// </summary>
/// <param name="viewContext">View context whose HttpContext holds the request's feature collection.</param>
/// <remarks>
/// The feature is only looked up here, never created. NOTE(review): if nothing registered it for
/// this request the stored reference is presumably null; confirm that members reading
/// <c>_cspFeature</c> handle that instead of emitting inline content without a nonce or hash.
/// </remarks>
internal ContentSecurityPolicyHelper(ViewContext viewContext)
{
    var requestFeatures = viewContext.HttpContext.Features;
    _cspFeature = requestFeatures.Get<IContentSecurityPolicyInlineExecutionFeature>();
}