        /// <summary>
        /// Verifies that the X-Frame-Options middleware configured with
        /// <see cref="XFrameOption.SameOrigin"/> emits the literal value "SAMEORIGIN",
        /// which tells browsers to allow framing only by pages of the same origin.
        /// </summary>
        public async Task XFrameOptionsHeaderMiddleware_EmitsXFrameOptionsHeaderWithSameOriginValue()
        {
            // Arrange: a pipeline consisting of nothing but the middleware under test.
            var server = PersonalSiteTestServer.Create(app => app.UseXFrameOptionsHeader(XFrameOption.SameOrigin));
            var headerName = XFrameOptionsHeaderMiddleware.XFrameOptionsHeaderName;

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert: presence first, because GetValues throws for a missing header.
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.Equal("SAMEORIGIN", emitted);
        }
        /// <summary>
        /// Verifies that an ALLOW-FROM option renders as "ALLOW-FROM &lt;uri&gt;" with the
        /// configured origin. Note that ALLOW-FROM is an obsolete directive that current
        /// browsers ignore; the CSP frame-ancestors directive is the supported replacement,
        /// so this test only pins the formatting of the emitted value.
        /// </summary>
        public async Task XFrameOptionsHeaderMiddleware_EmitsXFrameOptionsHeaderWithAllowFromValue()
        {
            // Arrange
            var allowedOrigin = new Uri("http://localhost/");
            var server = PersonalSiteTestServer.Create(app =>
            {
                app.UseXFrameOptionsHeader(XFrameOption.CreateAllowFrom(allowedOrigin));
            });

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            var headerName = XFrameOptionsHeaderMiddleware.XFrameOptionsHeaderName;
            Assert.True(response.Headers.Contains(headerName));
            Assert.Equal("ALLOW-FROM http://localhost/", response.Headers.GetValues(headerName).First());
        }
        /// <summary>
        /// Verifies that, with <c>requireHttps: true</c>, a plain-HTTP request is answered
        /// with a permanent (301) redirect whose Location uses the https scheme.
        /// </summary>
        public async Task CanonicalDomainMiddleware_RedirectToHttps()
        {
            // Arrange
            var server = PersonalSiteTestServer.Create(app => app.UseCanonicalDomain(requireHttps: true));

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            var location = response.Headers.Location;
            Assert.Equal(HttpStatusCode.MovedPermanently, response.StatusCode);
            Assert.Equal("https", location.Scheme);
        }
        /// <summary>
        /// Verifies that the X-Content-Type-Options middleware emits the value "nosniff",
        /// which stops browsers from MIME-sniffing a response away from its declared
        /// Content-Type. (The method name says "XFrameOptions" but the middleware under
        /// test is X-Content-Type-Options; the name is kept so existing references resolve.)
        /// </summary>
        public async Task XContentTypeOptionsHeaderMiddleware_EmitsXFrameOptionsHeaderWithNosniffValue()
        {
            // Arrange
            var server = PersonalSiteTestServer.Create(app => app.UseXContentTypeOptionsHeader());
            var headerName = XContentTypeOptionsHeaderMiddleware.XContentTypeOptionsHeaderName;

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert: presence first, because GetValues throws for a missing header.
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.Equal("nosniff", emitted);
        }
        /// <summary>
        /// Parameterised check that the Referrer-Policy middleware renders each
        /// <see cref="ReferrerPolicy"/> option as the expected header value.
        /// </summary>
        /// <param name="policy">The policy option passed to the middleware.</param>
        /// <param name="value">The exact header value that option is expected to produce.</param>
        public async Task ReferrerPolicyHeaderMiddleware_EmitsReferrerPolicyOptionValue(ReferrerPolicy policy, string value)
        {
            // Arrange
            var server = PersonalSiteTestServer.Create(app => app.UseReferrerPolicyHeader(policy));

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            var headerName = ReferrerPolicyHeaderMiddleware.ReferrerPolicyHeaderName;
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.Equal(value, emitted);
        }
        /// <summary>
        /// Verifies that the HSTS middleware stays silent on a plain-HTTP request.
        /// RFC 6797 requires Strict-Transport-Security to be sent only over a secure
        /// transport, since a header injected on an insecure connection cannot be trusted.
        /// </summary>
        public async Task StrictTransportSecurityHeaderMiddleware_DoesntEmitStrictTransportSecurityHeaderForHttpRequests()
        {
            // Arrange
            var oneDay = TimeSpan.FromDays(1);
            var server = PersonalSiteTestServer.Create(app => app.UseStrictTransportSecurityHeader(oneDay));

            // Act: note the http (not https) scheme.
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            var headerName = StrictTransportSecurityHeaderMiddleware.StrictTransportSecurityHeaderName;
            Assert.False(response.Headers.Contains(headerName));
        }
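        /// <summary>
        /// Verifies that a request for a non-canonical host is answered with a permanent
        /// (301) redirect whose Location host is the configured canonical domain.
        /// </summary>
        public async Task CanonicalDomainMiddleware_RedirectsToCanonicalDomain()
        {
            // Arrange
            var canonicalDomain = "other.com";
            var server          = PersonalSiteTestServer.Create(app =>
            {
                app.UseCanonicalDomain(domain: canonicalDomain);
            });

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            Assert.Equal(HttpStatusCode.MovedPermanently, response.StatusCode);
            // xUnit's Assert.Equal takes (expected, actual); the arguments were previously
            // reversed, which made the failure message label the values the wrong way round.
            Assert.Equal(canonicalDomain, response.Headers.Location.Host);
        }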
        /// <summary>
        /// Verifies that <c>enabled: false</c> emits an X-XSS-Protection value starting with
        /// "0" and carrying no "mode" directive, i.e. the legacy browser XSS auditor is
        /// explicitly switched off rather than left at the browser default.
        /// </summary>
        public async Task XXSSProtectionHeaderMiddleware_EmitsXXSSProtectionHeaderDisabled()
        {
            // Arrange
            var server = PersonalSiteTestServer.Create(app => app.UseXXSSProtectionHeader(enabled: false));
            var headerName = XXSSProtectionHeaderMiddleware.XXSSProtectionHeaderName;

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert: presence first, because GetValues throws for a missing header.
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.StartsWith("0", emitted);
            Assert.DoesNotContain("mode", emitted);
        }
        /// <summary>
        /// Verifies that enabling the header with <see cref="XXSSProtectionMode.Block"/>
        /// produces a value that starts with "1" and ends with "mode=block".
        /// </summary>
        public async Task XXSSProtectionHeaderMiddleware_EmitsXXSSProtectionHeaderWithBlockMode()
        {
            // Arrange
            var server = PersonalSiteTestServer.Create(app =>
            {
                app.UseXXSSProtectionHeader(enabled: true, mode: XXSSProtectionMode.Block);
            });

            // Act
            var response = await server.CreateRequest("http://server/").GetAsync();

            // Assert
            var headerName = XXSSProtectionHeaderMiddleware.XXSSProtectionHeaderName;
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.StartsWith("1", emitted);
            Assert.EndsWith("mode=block", emitted);
        }
        /// <summary>
        /// Verifies that, on an HTTPS request with <c>preload: true</c>, the HSTS header is
        /// present and its value ends with the "preload" token.
        /// </summary>
        public async Task StrictTransportSecurityHeaderMiddleware_EmitsStrictTransportSecurityHeaderWithPreloadValue()
        {
            // Arrange
            var oneDay = TimeSpan.FromDays(1);
            var server = PersonalSiteTestServer.Create(app => app.UseStrictTransportSecurityHeader(oneDay, preload: true));
            var headerName = StrictTransportSecurityHeaderMiddleware.StrictTransportSecurityHeaderName;

            // Act: https is required, the middleware does not emit HSTS over plain HTTP.
            var response = await server.CreateRequest("https://server/").GetAsync();

            // Assert: presence first, because GetValues throws for a missing header.
            Assert.True(response.Headers.Contains(headerName));
            var emitted = response.Headers.GetValues(headerName).First();
            Assert.EndsWith("preload", emitted);
        }
        /// <summary>
        /// Verifies that the canonical-domain redirect swaps only the host: the original
        /// path and query string are carried over unchanged into the Location header.
        /// </summary>
        public async Task CanonicalDomainMiddleware_RedirectKeepsPathAndQueryIntact()
        {
            // Arrange
            var canonicalDomain = "other.com";
            var pathAndQuery    = "path?query=value";
            var server          = PersonalSiteTestServer.Create(app => app.UseCanonicalDomain(domain: canonicalDomain));
            var requestUrl      = "http://wrong.com/" + pathAndQuery;

            // Act
            var response = await server.CreateRequest(requestUrl).GetAsync();

            // Assert
            var location = response.Headers.Location;
            Assert.Equal(HttpStatusCode.MovedPermanently, response.StatusCode);
            Assert.Equal(canonicalDomain, location.Host);
            // PathAndQuery carries a leading slash that the test fixture string does not.
            Assert.Equal(pathAndQuery, location.PathAndQuery.TrimStart('/'));
        }