示例#1
        /// <summary>
        /// Wires up Content Security Policy handling for the current request when the
        /// configured policy carries a CSP definition.
        /// </summary>
        /// <remarks>
        /// The header is written from a <c>Response.OnStarting</c> callback, not immediately.
        /// The callback re-reads the inline-execution feature and passes its nonce and
        /// script/style hashes to the policy serialisation.
        /// NOTE(review): presumably views add hashes/nonces to the feature while rendering,
        /// which is why the header is built this late - confirm against the feature implementation.
        /// </remarks>
        /// <param name="context">HTTP context of the request being processed.</param>
        private void HandleCsp(HttpContext context)
        {
            // Without a configured CSP nothing is registered and no header is emitted.
            if (_policy.Csp == null)
            {
                return;
            }

            var inlineExecutionFeature = new ContentSecurityPolicyInlineExecutionFeature(_policy.Csp, _hashesCache);
            context.Features.Set<IContentSecurityPolicyInlineExecutionFeature>(inlineExecutionFeature);

            context.Response.OnStarting(() =>
            {
                // Report-only mode makes browsers report violations without blocking them,
                // so it monitors a policy but does not enforce it.
                string cspHeaderName;
                if (_policy.IsCspReportOnly)
                {
                    cspHeaderName = HeaderNames.ContentSecurityPolicyReportOnly;
                }
                else
                {
                    cspHeaderName = HeaderNames.ContentSecurityPolicy;
                }

                // Fetched again from the feature collection rather than captured: the lookup may
                // return null, in which case null nonce and hashes are handed to ToString.
                var registeredFeature = context.Features.Get<IContentSecurityPolicyInlineExecutionFeature>();

                var cspHeaderValue = _policy.Csp.ToString(registeredFeature?.Nonce, registeredFeature?.ScriptsHashes, registeredFeature?.StylesHashes);
                context.Response.SetResponseHeader(cspHeaderName, cspHeaderValue);

                return _completedTask;
            });
        }
示例#2
 /// <summary>
 /// Creates the helper for a view and picks up the request's CSP inline-execution feature.
 /// </summary>
 /// <remarks>
 /// The feature is looked up in the feature collection of the view's HTTP context.
 /// NOTE(review): the lookup result is stored without a null check here - presumably it is
 /// null when no feature was registered for the request; confirm that the members using
 /// <c>_cspFeature</c> handle that case.
 /// </remarks>
 /// <param name="viewContext">View context whose HTTP context holds the request features.</param>
 internal ContentSecurityPolicyHelper(ViewContext viewContext)
 {
     var requestFeatures = viewContext.HttpContext.Features;

     _cspFeature = requestFeatures.Get<IContentSecurityPolicyInlineExecutionFeature>();
 }