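/// <summary>
/// Applies <paramref name="directiveOverride"/> on top of <paramref name="directiveConfig"/>
/// and returns the resulting directive configuration.
/// </summary>
/// <param name="directiveOverride">The override to apply. Nullable flags that carry no value leave the corresponding setting untouched.</param>
/// <param name="directiveConfig">The configuration to start from, or null to start from a new <c>CspDirectiveConfiguration</c>.</param>
/// <returns>
/// A new configuration containing only <c>NoneSrc = true</c> when the override sets 'none';
/// otherwise <paramref name="directiveConfig"/> itself (or a new instance when it was null) with the override applied.
/// </returns>
/// <remarks>
/// A non-null <paramref name="directiveConfig"/> is modified in place. If that instance is shared
/// (for example a site-wide base policy), the override would leak into every later use of it,
/// so callers are expected to pass a copy. NOTE(review): confirm the caller clones before calling.
/// Overrides that turn on 'unsafe-inline' or 'unsafe-eval' loosen the policy, and the entries in
/// <c>OtherSources</c> are merged as given; nothing in this method validates them.
/// </remarks>
public ICspDirectiveConfiguration GetOverridenCspDirectiveConfig(CspDirectiveOverride directiveOverride, ICspDirectiveConfiguration directiveConfig)
        {
            if (directiveOverride.None == true)
            {
                // 'none' is only meaningful on its own, so every other source is dropped.
                return new CspDirectiveConfiguration { NoneSrc = true };
            }

            var result = directiveConfig ?? new CspDirectiveConfiguration();

            result.Enabled = directiveOverride.Enabled;

            if (directiveOverride.None.HasValue)
            {
                // Only an explicit false can reach this point; true returned above.
                result.NoneSrc = directiveOverride.None.Value;
            }

            // Becomes true as soon as the override enables any other source; 'none' is then cleared at the end.
            var disableNone = false;

            if (directiveOverride.Self.HasValue)
            {
                result.SelfSrc = directiveOverride.Self.Value;
                disableNone = result.SelfSrc;
            }

            if (directiveOverride.UnsafeEval.HasValue)
            {
                result.UnsafeEvalSrc = directiveOverride.UnsafeEval.Value;
                disableNone = disableNone || result.UnsafeEvalSrc;
            }

            if (directiveOverride.UnsafeInline.HasValue)
            {
                result.UnsafeInlineSrc = directiveOverride.UnsafeInline.Value;
                disableNone = disableNone || result.UnsafeInlineSrc;
            }

            if (!directiveOverride.InheritOtherSources)
            {
                // The override opted out of inheriting the base configuration's custom sources.
                result.CustomSources = EmptySources;
            }

            if (directiveOverride.OtherSources != null && directiveOverride.OtherSources.Length > 0)
            {
                // The inherited list may be null on a caller-supplied configuration; treat that as
                // "no inherited sources" instead of letting the List constructor throw.
                var newSources = new List<string>();
                if (result.CustomSources != null)
                {
                    newSources.AddRange(result.CustomSources);
                }

                newSources.AddRange(directiveOverride.OtherSources);
                result.CustomSources = newSources.Distinct();
                disableNone = true;
            }

            if (disableNone)
            {
                result.NoneSrc = false;
            }

            return result;
        }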
示例#2
        /// <summary>
        /// Builds the list of source expressions for one CSP directive.
        /// </summary>
        /// <param name="directive">The directive configuration to read; may be null.</param>
        /// <returns>
        /// The source expressions in emission order, or null when the directive is null,
        /// disabled, or produces no expressions at all.
        /// </returns>
        /// <remarks>
        /// The flags are emitted exactly as set; this method does not check that 'none' stands alone.
        /// In browsers that support nonces, a nonce makes 'unsafe-inline' ineffective, and
        /// 'strict-dynamic' makes 'self' and host-based sources ineffective for script loading.
        /// The nonce and the custom sources are written into the list verbatim, so any validation
        /// of those values has to happen before they reach this method.
        /// </remarks>
        private List <string> GetDirectiveList(ICspDirectiveConfiguration directive)
        {
            // A missing or disabled directive contributes nothing.
            if (directive == null || !directive.Enabled)
            {
                return null;
            }

            var nonceValue = directive.Nonce;

            // Candidate expressions in emission order, each paired with the condition that enables it.
            var candidates = new[]
            {
                new KeyValuePair<string, bool>("'none'", directive.NoneSrc),
                new KeyValuePair<string, bool>("'self'", directive.SelfSrc),
                new KeyValuePair<string, bool>("'unsafe-inline'", directive.UnsafeInlineSrc),
                new KeyValuePair<string, bool>($"'nonce-{nonceValue}'", !String.IsNullOrEmpty(nonceValue)),
                new KeyValuePair<string, bool>("'unsafe-eval'", directive.UnsafeEvalSrc),
                new KeyValuePair<string, bool>("'strict-dynamic'", directive.StrictDynamicSrc)
            };

            var expressions = new List<string>();

            foreach (var candidate in candidates)
            {
                if (candidate.Value)
                {
                    expressions.Add(candidate.Key);
                }
            }

            // Custom sources always come after the keyword expressions.
            if (directive.CustomSources != null)
            {
                expressions.AddRange(directive.CustomSources);
            }

            if (expressions.Count == 0)
            {
                return null;
            }

            return expressions;
        }
示例#3
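        /// <summary>
        /// Produces the effective configuration for one CSP directive by applying
        /// <paramref name="directiveOverride"/> to <paramref name="directiveConfig"/>.
        /// </summary>
        /// <param name="directiveOverride">The override to apply. Nullable flags without a value leave the matching setting as it was.</param>
        /// <param name="directiveConfig">The starting configuration; null means start from a new <c>CspDirectiveConfiguration</c>.</param>
        /// <returns>
        /// When the override sets 'none': a new configuration with only <c>NoneSrc = true</c>.
        /// Otherwise the (possibly newly created) starting configuration with the override applied.
        /// </returns>
        /// <remarks>
        /// The starting configuration is changed in place when it is not null. Passing a shared
        /// instance would make the override persist beyond this call, so a copy should be passed.
        /// NOTE(review): confirm that callers clone the base configuration first.
        /// Enabling 'unsafe-inline' or 'unsafe-eval' through an override weakens the policy, and
        /// <c>OtherSources</c> entries are added without any validation in this method.
        /// </remarks>
        public ICspDirectiveConfiguration GetOverridenCspDirectiveConfig(CspDirectiveOverride directiveOverride, ICspDirectiveConfiguration directiveConfig)
        {
            var noneOverride = directiveOverride.None;

            if (noneOverride.HasValue && noneOverride.Value)
            {
                // 'none' excludes every other source, so nothing is inherited.
                return new CspDirectiveConfiguration
                {
                    NoneSrc = true
                };
            }

            var result = directiveConfig ?? new CspDirectiveConfiguration();

            result.Enabled = directiveOverride.Enabled;

            if (noneOverride.HasValue)
            {
                // Reached only for an explicit false.
                result.NoneSrc = noneOverride.Value;
            }

            // Set once the override switches on any other source, which forces 'none' off below.
            var disableNone = false;

            if (directiveOverride.Self.HasValue)
            {
                result.SelfSrc = directiveOverride.Self.Value;
                disableNone = result.SelfSrc;
            }

            if (directiveOverride.UnsafeEval.HasValue)
            {
                result.UnsafeEvalSrc = directiveOverride.UnsafeEval.Value;
                disableNone = disableNone || result.UnsafeEvalSrc;
            }

            if (directiveOverride.UnsafeInline.HasValue)
            {
                result.UnsafeInlineSrc = directiveOverride.UnsafeInline.Value;
                disableNone = disableNone || result.UnsafeInlineSrc;
            }

            if (!directiveOverride.InheritOtherSources)
            {
                // Drop the custom sources of the starting configuration.
                result.CustomSources = EmptySources;
            }

            var extraSources = directiveOverride.OtherSources;

            if (extraSources != null && extraSources.Length > 0)
            {
                // A caller-supplied configuration may carry a null source list; start from an
                // empty list in that case rather than failing inside the List constructor.
                var merged = result.CustomSources == null
                    ? new List<string>()
                    : new List<string>(result.CustomSources);

                merged.AddRange(extraSources);
                result.CustomSources = merged.Distinct();
                disableNone = true;
            }

            if (disableNone)
            {
                result.NoneSrc = false;
            }

            return result;
        }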
示例#4
        /// <summary>
        /// Stores <paramref name="directiveConfig"/> in the property of <paramref name="cspConfig"/>
        /// that corresponds to <paramref name="directive"/>.
        /// </summary>
        /// <param name="cspConfig">The CSP configuration to update.</param>
        /// <param name="directive">Selects which directive property is assigned.</param>
        /// <param name="directiveConfig">The value to assign; it is stored as given, with no null check.</param>
        /// <exception cref="NotImplementedException">
        /// <paramref name="directive"/> has no mapping here. Throwing keeps a newly added directive
        /// from being dropped from the policy without anyone noticing.
        /// </exception>
        public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive,
                                          ICspDirectiveConfiguration directiveConfig)
        {
            switch (directive)
            {
                case CspDirectives.DefaultSrc:
                    cspConfig.DefaultSrcDirective = directiveConfig;
                    break;

                case CspDirectives.ScriptSrc:
                    cspConfig.ScriptSrcDirective = directiveConfig;
                    break;

                case CspDirectives.ObjectSrc:
                    cspConfig.ObjectSrcDirective = directiveConfig;
                    break;

                case CspDirectives.StyleSrc:
                    cspConfig.StyleSrcDirective = directiveConfig;
                    break;

                case CspDirectives.ImgSrc:
                    cspConfig.ImgSrcDirective = directiveConfig;
                    break;

                case CspDirectives.MediaSrc:
                    cspConfig.MediaSrcDirective = directiveConfig;
                    break;

                case CspDirectives.FrameSrc:
                    cspConfig.FrameSrcDirective = directiveConfig;
                    break;

                case CspDirectives.FontSrc:
                    cspConfig.FontSrcDirective = directiveConfig;
                    break;

                case CspDirectives.ConnectSrc:
                    cspConfig.ConnectSrcDirective = directiveConfig;
                    break;

                case CspDirectives.BaseUri:
                    cspConfig.BaseUriDirective = directiveConfig;
                    break;

                case CspDirectives.ChildSrc:
                    cspConfig.ChildSrcDirective = directiveConfig;
                    break;

                case CspDirectives.FormAction:
                    cspConfig.FormActionDirective = directiveConfig;
                    break;

                case CspDirectives.FrameAncestors:
                    cspConfig.FrameAncestorsDirective = directiveConfig;
                    break;

                case CspDirectives.ManifestSrc:
                    cspConfig.ManifestSrcDirective = directiveConfig;
                    break;

                case CspDirectives.WorkerSrc:
                    cspConfig.WorkerSrcDirective = directiveConfig;
                    break;

                default:
                    // Unmapped value: fail instead of ignoring the requested directive.
                    throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
            }
        }
示例#5
        /// <summary>
        /// Assigns <paramref name="directiveConfig"/> to the directive property of
        /// <paramref name="cspConfig"/> selected by <paramref name="directive"/>.
        /// </summary>
        /// <param name="cspConfig">The CSP configuration that receives the directive.</param>
        /// <param name="directive">The directive to set. Only the thirteen values tested below are mapped.</param>
        /// <param name="directiveConfig">The configuration to store; no null check is made.</param>
        /// <exception cref="NotImplementedException">
        /// <paramref name="directive"/> is not one of the mapped values, so the request fails
        /// rather than leaving the policy without that directive unnoticed.
        /// </exception>
        public void SetCspDirectiveConfig(ICspConfiguration cspConfig, CspDirectives directive,
            ICspDirectiveConfiguration directiveConfig)
        {
            if (directive == CspDirectives.DefaultSrc)
            {
                cspConfig.DefaultSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.ScriptSrc)
            {
                cspConfig.ScriptSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.ObjectSrc)
            {
                cspConfig.ObjectSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.StyleSrc)
            {
                cspConfig.StyleSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.ImgSrc)
            {
                cspConfig.ImgSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.MediaSrc)
            {
                cspConfig.MediaSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.FrameSrc)
            {
                cspConfig.FrameSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.FontSrc)
            {
                cspConfig.FontSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.ConnectSrc)
            {
                cspConfig.ConnectSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.BaseUri)
            {
                cspConfig.BaseUriDirective = directiveConfig;
            }
            else if (directive == CspDirectives.ChildSrc)
            {
                cspConfig.ChildSrcDirective = directiveConfig;
            }
            else if (directive == CspDirectives.FormAction)
            {
                cspConfig.FormActionDirective = directiveConfig;
            }
            else if (directive == CspDirectives.FrameAncestors)
            {
                cspConfig.FrameAncestorsDirective = directiveConfig;
            }
            else
            {
                // No mapping exists for this value.
                throw new NotImplementedException("The mapping for " + directive + " was not implemented.");
            }
        }
示例#6
        /// <summary>
        /// Collects the source expressions that make up one CSP directive.
        /// </summary>
        /// <param name="directive">The directive configuration to read; may be null.</param>
        /// <returns>
        /// The expressions in the order 'none', 'self', 'unsafe-inline', nonce, 'unsafe-eval',
        /// custom sources; or null when the directive is null, disabled, or yields nothing.
        /// </returns>
        /// <remarks>
        /// Flags are emitted as set; nothing here checks that 'none' is the only expression.
        /// Browsers that support nonces disregard 'unsafe-inline' once a nonce is present.
        /// The nonce and the custom sources are copied in verbatim, so they must already be
        /// validated by the time they are placed on the configuration.
        /// </remarks>
        private List<string> GetDirectiveList(ICspDirectiveConfiguration directive)
        {
            var isActive = directive != null && directive.Enabled;
            if (!isActive)
            {
                return null;
            }

            var expressions = new List<string>();

            if (directive.NoneSrc)
            {
                expressions.Add("'none'");
            }

            if (directive.SelfSrc)
            {
                expressions.Add("'self'");
            }

            if (directive.UnsafeInlineSrc)
            {
                expressions.Add("'unsafe-inline'");
            }

            var nonceValue = directive.Nonce;
            if (!string.IsNullOrEmpty(nonceValue))
            {
                expressions.Add("'nonce-" + nonceValue + "'");
            }

            if (directive.UnsafeEvalSrc)
            {
                expressions.Add("'unsafe-eval'");
            }

            // Custom sources follow the keyword expressions.
            var custom = directive.CustomSources;
            if (custom != null)
            {
                expressions.AddRange(custom);
            }

            if (expressions.Count == 0)
            {
                return null;
            }

            return expressions;
        }