private void addCspHeaders(IOwinContext context, ContentSecurityPolicyOptions options) { string requestHost = context.Request.Uri.Host; if (options.EnforceOnLocalhost == true || requestHost != "localhost") { context.Response.Headers.Add(options.Header, new[] { options.Directive }); } }
public ContentSecurityPolicy(OwinMiddleware next, ContentSecurityPolicyOptions options) : base(next) { _options = options; }