/// <summary>
/// Initializes the attribute with a directive override that is enabled and inherits other sources,
/// and creates the two helper instances kept in the private fields.
/// </summary>
protected CspDirectiveAttributeBase()
{
    // NOTE(review): InheritOtherSources = true presumably means sources declared on this attribute
    // are combined with already configured sources rather than replacing them. Confirm against
    // CspDirectiveOverride before relying on an attribute to narrow a policy.
    var directiveOverride = new CspDirectiveOverride();
    directiveOverride.Enabled = true;
    directiveOverride.InheritOtherSources = true;
    DirectiveConfig = directiveOverride;

    _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Rebuilds the test fixture: a mocked <c>HttpContextBase</c> and a
/// <c>CspConfigurationOverrideHelper</c> whose three collaborators are strict mocks.
/// </summary>
public void Setup()
{
    // The HTTP context mock is created without an explicit MockBehavior, unlike the collaborators below.
    var httpContextMock = new Mock<HttpContextBase>();
    MockContext = httpContextMock.Object;

    // Strict behavior makes any call without a matching setup fail the test, so every
    // interaction of the helper under test with its collaborators has to be declared.
    const MockBehavior strict = MockBehavior.Strict;
    _contextHelper = new Mock<IContextConfigurationHelper>(strict);
    _directiveConfigMapper = new Mock<ICspConfigMapper>(strict);
    _directiveOverrideHelper = new Mock<ICspDirectiveOverrideHelper>(strict);

    var contextHelper = _contextHelper.Object;
    var configMapper = _directiveConfigMapper.Object;
    var directiveOverrideHelper = _directiveOverrideHelper.Object;
    CspConfigurationOverrideHelper = new CspConfigurationOverrideHelper(contextHelper, configMapper, directiveOverrideHelper);
}
/// <summary>
/// Initializes the attribute with a plugin-types override that is enabled and inherits media types,
/// creates the two helper instances, and stores the supplied media types when there are any.
/// </summary>
/// <param name="mediaTypes">Media types for the override. An empty list leaves <c>MediaTypes</c> unassigned.</param>
protected CspPluginTypesAttributeBase(params string[] mediaTypes)
{
    var pluginTypesOverride = new CspPluginTypesOverride();
    pluginTypesOverride.Enabled = true;
    pluginTypesOverride.InheritMediaTypes = true;
    _directive = pluginTypesOverride;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();

    // NOTE(review): an explicit null argument throws NullReferenceException on the Length access below.
    if (mediaTypes.Length == 0)
    {
        return;
    }

    // NOTE(review): no media type validation is visible in this constructor. Confirm that the
    // values are checked elsewhere (for example in the MediaTypes setter) before they reach the
    // plugin-types directive.
    _directive.MediaTypes = mediaTypes;
}
/// <summary>
/// Generates a <c>type</c> attribute suitable for an &lt;object&gt; or &lt;embed&gt; tag and registers
/// the media type as a CSP plugin-types override on the current HTTP context.
/// </summary>
/// <param name="helper">The HTML helper; its view context supplies the HTTP context.</param>
/// <param name="mediaType">The media type. It is passed to <c>Rfc2045MediaTypeValidator.Validate</c> before anything else happens.</param>
/// <returns>The markup <c>type="..."</c> with the media type attribute-encoded.</returns>
public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
{
    // Validation runs before any override or header is touched. Its return value is not
    // consulted here, so rejection presumably happens by exception (confirm in the validator).
    var validator = new Rfc2045MediaTypeValidator();
    validator.Validate(mediaType);

    var httpContext = helper.ViewContext.HttpContext;
    var overrides = new CspConfigurationOverrideHelper();
    var headers = new HeaderOverrideHelper();

    var pluginTypes = new CspPluginTypesOverride();
    pluginTypes.Enabled = true;
    pluginTypes.InheritMediaTypes = true;
    pluginTypes.MediaTypes = new[] { mediaType };

    // Each call is made once with false and once with true. The flag presumably selects the
    // enforcing versus the report-only CSP header (confirm against the helper signatures).
    var flags = new[] { false, true };
    foreach (var flag in flags)
    {
        overrides.SetCspPluginTypesOverride(httpContext, pluginTypes, flag);
    }

    foreach (var flag in flags)
    {
        headers.SetCspHeaders(httpContext, flag);
    }

    // The value is attribute-encoded even though it was validated, so the emitted markup does not
    // depend on the validator alone to keep quotes and angle brackets out of the attribute.
    var encodedMediaType = helper.AttributeEncode(mediaType);
    return new HtmlString(string.Format("type=\"{0}\"", encodedMediaType));
}
/// <summary>
/// Generates a CSP nonce HTML attribute for style elements. The nonce comes from
/// <c>CspConfigurationOverrideHelper.GetCspStyleNonce</c>; the original documentation describes it as a
/// 120-bit random value that is included in the CSP style-src directive.
/// </summary>
/// <param name="helper">The HTML helper; its view context supplies the HTTP context.</param>
/// <returns>The result of <c>CreateNonceAttribute</c> for the request's style nonce.</returns>
public static IHtmlString CspStyleNonce(this HtmlHelper helper)
{
    const string nonceSetKey = "NWebsecStyleNonceSet";

    var httpContext = helper.ViewContext.HttpContext;
    var overrides = new CspConfigurationOverrideHelper();
    var headers = new HeaderOverrideHelper();

    // NOTE(review): the nonce length and randomness are decided inside GetCspStyleNonce and cannot
    // be confirmed from this method. A nonce only protects when it is unpredictable and not reused
    // across responses, so output that embeds it should not be served from a shared cache.
    var styleNonce = overrides.GetCspStyleNonce(httpContext);

    // The marker in context.Items makes the header update run only on the first call per context;
    // later calls in the same request just render the attribute.
    var headersAlreadySet = httpContext.Items[nonceSetKey] != null;
    if (!headersAlreadySet)
    {
        httpContext.Items[nonceSetKey] = "set";

        // Called with false, then true. The flag presumably selects the enforcing versus the
        // report-only header (confirm against HeaderOverrideHelper).
        foreach (var flag in new[] { false, true })
        {
            headers.SetCspHeaders(httpContext, flag);
        }
    }

    return CreateNonceAttribute(helper, styleNonce);
}
/// <summary>
/// Initializes the attribute with an enabled CSP header configuration and creates the two helper
/// instances kept in the private fields.
/// </summary>
protected CspAttributeBase()
{
    // Only Enabled is set here; every other setting keeps the default of CspHeaderConfiguration.
    var headerConfiguration = new CspHeaderConfiguration();
    headerConfiguration.Enabled = true;
    _config = headerConfiguration;

    _headerConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes the attribute with an enabled report-uri directive configuration and creates the
/// two helper instances kept in the private fields.
/// </summary>
protected CspReportUriAttributeBase()
{
    // No report URI is assigned here; the directive is only switched on.
    var reportUriDirective = new CspReportUriDirectiveConfiguration();
    reportUriDirective.Enabled = true;
    _directive = reportUriDirective;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}
/// <summary>
/// Initializes the attribute with an enabled sandbox override and creates the two helper
/// instances kept in the private fields.
/// </summary>
protected CspSandboxAttributeBase()
{
    // No sandbox flags are set here; the override is only switched on.
    var sandboxOverride = new CspSandboxOverride();
    sandboxOverride.Enabled = true;
    _directive = sandboxOverride;

    _configurationOverrideHelper = new CspConfigurationOverrideHelper();
    _headerOverrideHelper = new HeaderOverrideHelper();
}