/// <summary>
/// Test fixture setup: creates a fresh OWIN environment dictionary holding empty request and
/// response header collections, then wraps it in the <see cref="OwinEnvironment"/> under test.
/// </summary>
public void Setup()
{
    // OWIN 1.0 requires the header dictionaries to use case-insensitive keys.
    var requestHeaders = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
    var responseHeaders = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);

    _env = new Dictionary<string, object>
    {
        [RequestHeaderKey] = requestHeaders,
        [ResponseHeaderKey] = responseHeaders,
    };
    _owinEnvironment = new OwinEnvironment(_env);
}
/// <summary>
/// Publishes the X-XSS-Protection configuration on the NWebsec context and, when the
/// precomputed header result asks for it, writes the header to the response before the
/// rest of the pipeline runs.
/// </summary>
/// <param name="owinEnvironment">The wrapped OWIN environment for the current request.</param>
internal override void PreInvokeNext(OwinEnvironment owinEnvironment)
{
    owinEnvironment.NWebsecContext.XXssProtection = _config;

    // Only the Set action results in a header; any other action leaves the response untouched.
    if (_headerResult.Action != HeaderResult.ResponseAction.Set)
    {
        return;
    }

    owinEnvironment.ResponseHeaders.SetHeader(_headerResult.Name, _headerResult.Value);
}
/// <summary>
/// Writes the precomputed header to the response before the rest of the pipeline runs,
/// unless the configuration restricts the header to HTTPS requests and the current
/// request did not arrive over HTTPS.
/// </summary>
/// <param name="owinEnvironment">The wrapped OWIN environment for the current request.</param>
internal override void PreInvokeNext(OwinEnvironment owinEnvironment)
{
    if (_config.HttpsOnly)
    {
        // Scheme names are case-insensitive, hence the OrdinalIgnoreCase comparison.
        var isHttps = Https.Equals(owinEnvironment.RequestScheme, StringComparison.OrdinalIgnoreCase);
        if (!isHttps)
        {
            return;
        }
    }

    if (_headerResult.Action != HeaderResult.ResponseAction.Set)
    {
        return;
    }

    owinEnvironment.ResponseHeaders.SetHeader(_headerResult.Name, _headerResult.Value);
}
/// <summary>
/// OWIN middleware entry point. Runs the pre-invoke hook, awaits the next middleware when
/// one is registered, then runs the post-invoke hook against the completed response.
/// </summary>
/// <param name="environment">The raw OWIN environment dictionary for the current request.</param>
/// <returns>A task that completes when this middleware and the rest of the pipeline have run.</returns>
public async Task Invoke(IDictionary<string, object> environment)
{
    var env = new OwinEnvironment(environment);

    PreInvokeNext(env);

    // A null continuation means this middleware is the end of the pipeline.
    var next = _next;
    if (next != null)
    {
        await next(environment);
    }

    // Note: not reached if the next middleware throws; only successful completions are post-processed.
    PostInvokeNext(env);
}
/// <summary>
/// After the pipeline has produced a response, hands any redirect to the redirect validator
/// together with the URI the request was made to, so the Location target can be checked
/// against the configured redirect policy.
/// </summary>
/// <param name="environment">The wrapped OWIN environment for the current request.</param>
internal override void PostInvokeNext(OwinEnvironment environment)
{
    var status = environment.ResponseStatusCode;

    // Non-redirect responses carry no Location to validate.
    if (!_redirectValidator.IsRedirectStatusCode(status))
    {
        return;
    }

    // The request URI is reconstructed from the scheme and the request-supplied Host header
    // (which may include a port). NOTE(review): a malformed Host value makes the Uri
    // constructor throw a UriFormatException here — confirm that surfacing it is intended.
    var requestUri = new Uri($"{environment.RequestScheme}://{environment.RequestHeaders.Host}");

    _redirectValidator.ValidateRedirect(status, environment.ResponseHeaders.Location, requestUri, _config);
}
/// <summary>
/// Publishes the CSP configuration on the NWebsec context — under the report-only slot or
/// the enforcing slot depending on how this middleware was constructed — and, when the
/// precomputed header result asks for it, writes the header to the response before the
/// rest of the pipeline runs.
/// </summary>
/// <param name="owinEnvironment">The wrapped OWIN environment for the current request.</param>
internal override void PreInvokeNext(OwinEnvironment owinEnvironment)
{
    var context = owinEnvironment.NWebsecContext;
    if (!_reportOnly)
    {
        context.Csp = _config;
    }
    else
    {
        context.CspReportOnly = _config;
    }

    if (_headerResult.Action != HeaderResult.ResponseAction.Set)
    {
        return;
    }

    owinEnvironment.ResponseHeaders.SetHeader(_headerResult.Name, _headerResult.Value);
}
/// <summary>
/// OWIN middleware entry point for CSP. First gives the upgrade-insecure-requests logic a
/// chance to answer the request with a redirect; otherwise sets the CSP headers and passes
/// the request on to the next middleware when one is registered.
/// </summary>
/// <param name="environment">The raw OWIN environment dictionary for the current request.</param>
/// <returns>A task that completes when this middleware and the rest of the pipeline have run.</returns>
public async Task Invoke(IDictionary<string, object> environment)
{
    var env = new OwinEnvironment(environment);

    // An upgrade redirect is a complete response: nothing further runs for this request.
    if (HandleUpgradeInsecureRequest(env))
    {
        return;
    }

    SetCspHeaders(env);

    var next = _next;
    if (next == null)
    {
        return;
    }

    await next(environment);
}
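/// <summary>
/// Server-side half of CSP upgrade-insecure-requests: when the directive is enabled and the
/// user agent has opted in via the Upgrade-Insecure-Requests request header, a plain-HTTP
/// request is answered with a 307 redirect to its HTTPS equivalent.
/// </summary>
/// <param name="env">The wrapped OWIN environment for the current request.</param>
/// <returns>
/// <c>true</c> when a redirect response has been written and the pipeline must not continue;
/// <c>false</c> when the request should proceed normally.
/// </returns>
internal bool HandleUpgradeInsecureRequest(OwinEnvironment env)
{
    const string https = "https";

    // Already on https. Scheme names are case-insensitive (RFC 3986 §3.1), so compare ignoring
    // case — consistent with the other scheme checks in this middleware. A case-sensitive
    // comparison would redirect an "HTTPS" request back to itself.
    if (https.Equals(env.RequestScheme, StringComparison.OrdinalIgnoreCase)) return false;

    // CSP upgrade-insecure-requests is disabled.
    if (!_config.Enabled || !_config.UpgradeInsecureRequestsDirective.Enabled) return false;

    // Only user agents that advertised support are redirected; others would not expect the upgrade.
    if (!CspUpgradeHelper.UaSupportsUpgradeInsecureRequests(env)) return false;

    // The redirect target is built from the request-supplied Host header so the client stays
    // on the host it asked for; this relies on the hosting server only accepting requests for
    // hosts it actually serves. A malformed Host value makes UriBuilder throw.
    var upgradeUri = new UriBuilder($"https://{env.RequestHeaders.Host}")
    {
        Port = _config.UpgradeInsecureRequestsDirective.HttpsPort,
        Path = env.RequestPathBase + env.RequestPath,
    };
    // NOTE(review): the query string is not carried over to the upgraded URI — confirm this is intended.

    // Redirect. Vary on the opt-in header so shared caches do not hand this redirect to
    // user agents that did not send it.
    env.ResponseHeaders.SetHeader("Vary", "Upgrade-Insecure-Requests");
    env.ResponseHeaders.Location = upgradeUri.Uri.AbsoluteUri;
    env.ResponseStatusCode = 307;
    return true;
}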
/// <summary>
/// Hook run after the next middleware has completed. The base implementation does nothing;
/// middleware that needs to inspect the finished response (e.g. the redirect validator) overrides it.
/// </summary>
/// <param name="environment">The wrapped OWIN environment for the current request.</param>
internal virtual void PostInvokeNext(OwinEnvironment environment) { }
/// <summary>
/// Reports whether the user agent opted in to upgrade-insecure-requests by sending the
/// <c>Upgrade-Insecure-Requests: 1</c> request header.
/// </summary>
/// <param name="env">The wrapped OWIN environment for the current request.</param>
/// <returns><c>true</c> only when the header is present with the exact value "1"; <c>false</c> otherwise.</returns>
internal static bool UaSupportsUpgradeInsecureRequests(OwinEnvironment env)
{
    var optIn = env.RequestHeaders.GetHeaderValue("Upgrade-Insecure-Requests");

    // string.Equals tolerates a missing (null) header and yields false for it.
    return string.Equals(optIn, "1", StringComparison.Ordinal);
}