/// <summary> /// Enables the Cross Site Scripting protection filter in the client browser. /// </summary> /// <param name="xssMode"> /// The XSS Filter mode to use. Acceptable values are: zero, one, oneBlock, oneReport /// </param> /// <param name="reportUri"> /// An option uri to report any XSS filter voilation to. This parameter is optional /// and will only be used if the value of <param name="xssMode"/> is set to oneReport /// </param> /// If no value for <param name="xssMode"/> is supplied, then the default one will /// be used. This default is based on the OWASP best practises for XSS Protection /// <remarks></remarks> public static SecureHeadersMiddlewareConfiguration UseXSSProtection (this SecureHeadersMiddlewareConfiguration config, XssMode xssMode = XssMode.oneBlock, string reportUri = null) { config.UseXssProtection = true; config.XssConfiguration = new XssConfiguration(xssMode, reportUri); return(config); }
public XssConfiguration(XssMode xssMode, string reportUri = null) { XssSetting = xssMode; ReportUri = reportUri; }