public void Empty_options_is_deny()
    {
        // Nothing is configured on the builder, so this pins the default:
        // the header is expected to carry "deny", the most restrictive value.
        var defaultOptions = new XFrameOptionsOptionsBuilder().Build();

        var sut = new XFrameOptionsHeader(defaultOptions);

        Assert.Equal("X-Frame-Options", sut.Key);
        Assert.Equal("deny", sut.Value);
    }
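    /// <summary>
    /// Invoke the middleware: set the X-Frame-Options response header built from the
    /// configured options, then hand the request to the next delegate.
    /// </summary>
    /// <param name="context">The current HttpContext</param>
    /// <returns>The task returned by the next middleware in the pipeline.</returns>
    public Task Invoke(HttpContext context)
    {
        context.EnsureNotNull(nameof(context));

        var header = new XFrameOptionsHeader(_options);

        // Assign through the indexer instead of Add(): Add() throws an ArgumentException
        // when the key is already present, so an X-Frame-Options value set earlier in the
        // pipeline would turn the request into a server error. The indexer also keeps a
        // single header value; conflicting duplicates are handled inconsistently by browsers.
        context.Response.Headers[header.Key] = header.Value;

        return _next(context);
    }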
    public void AllowFrom_option_is_allow_with_uri()
    {
        // Configure a single allowed framing origin and check that it is rendered
        // verbatim after the "allow-from" keyword.
        var optionsBuilder = new XFrameOptionsOptionsBuilder();
        optionsBuilder.AllowFrom("https://some.uri");
        var builtOptions = optionsBuilder.Build();

        var sut = new XFrameOptionsHeader(builtOptions);

        Assert.Equal("X-Frame-Options", sut.Key);
        Assert.Equal("allow-from https://some.uri", sut.Value);
    }
    public void SameOrigin_option_is_sameorigin()
    {
        // Selecting the same-origin policy on the builder must yield the "sameorigin" value.
        var optionsBuilder = new XFrameOptionsOptionsBuilder();
        optionsBuilder.SameOrigin();
        var builtOptions = optionsBuilder.Build();

        var sut = new XFrameOptionsHeader(builtOptions);

        Assert.Equal("X-Frame-Options", sut.Key);
        Assert.Equal("sameorigin", sut.Value);
    }
 /// <summary>
 /// Register an X-Frame-Options ALLOW-FROM {uri} policy on the collection.
 /// The page can only be displayed in a frame on the specified origin.
 /// </summary>
 /// <remarks>
 /// Despite its name, this overload applies the ALLOW-FROM policy (it calls
 /// XFrameOptionsHeader.AllowFromUri), not SAMEORIGIN.
 /// ALLOW-FROM is an obsolete directive: current browsers ignore a header that carries it,
 /// so it gives no framing protection there. Per-origin allow-listing is done with the
 /// Content-Security-Policy frame-ancestors directive.
 /// NOTE(review): no validation of <paramref name="uri"/> is visible in this method;
 /// confirm that AllowFromUri rejects null or empty values.
 /// </remarks>
 /// <param name="policies">The collection of policies</param>
 /// <param name="uri">The uri of the origin in which the page may be displayed in a frame</param>
 /// <returns>The value returned by ApplyPolicy on <paramref name="policies"/>.</returns>
 public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicyCollection policies, string uri)
 {
     var allowFromPolicy = XFrameOptionsHeader.AllowFromUri(uri);
     return policies.ApplyPolicy(allowFromPolicy);
 }
 /// <summary>
 /// Register an X-Frame-Options SAMEORIGIN policy on the collection.
 /// The page can only be displayed in a frame on the same origin as the page itself.
 /// </summary>
 /// <param name="policies">The collection of policies</param>
 /// <returns>The value returned by ApplyPolicy on <paramref name="policies"/>.</returns>
 public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicyCollection policies)
 {
     var sameOriginPolicy = XFrameOptionsHeader.SameOrigin();
     return policies.ApplyPolicy(sameOriginPolicy);
 }
 /// <summary>
 /// Register an X-Frame-Options DENY policy on the collection.
 /// The page cannot be displayed in a frame, regardless of the site attempting to do so.
 /// </summary>
 /// <param name="policies">The collection of policies</param>
 /// <returns>The value returned by ApplyPolicy on <paramref name="policies"/>.</returns>
 public static HeaderPolicyCollection AddFrameOptionsDeny(this HeaderPolicyCollection policies)
 {
     var denyPolicy = XFrameOptionsHeader.Deny();
     return policies.ApplyPolicy(denyPolicy);
 }