Class ContentSecurityPolicyConfiguration
Represents the configuration of all directives of the Content Security Policy.
Inherited Members
Namespace: IRM.AspNetCore.Http.Headers
Assembly: IRM.AspNetCore.Mvc.dll
Syntax
public class ContentSecurityPolicyConfigurationProperties
BaseUri
Gets or sets the ContentSecurityPolicyBaseUri representing the base-uri of the Content Security Policy.
Declaration
public ContentSecurityPolicyBaseUri BaseUri { get; set; }Property Value
|
ContentSecurityPolicyBaseUri
|
BlockAllMixedContent
Gets or sets if all assets using HTTP should be blocked when the page is loaded using HTTPS. Defaults to true.
Declaration
public bool BlockAllMixedContent { get; set; }Property Value
|
Boolean
|
ConnectSource
Gets or sets the ContentSecurityPolicyConnectSource representing the connect-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyConnectSource ConnectSource { get; set; }Property Value
|
ContentSecurityPolicyConnectSource
|
DefaultSource
Gets or sets the ContentSecurityPolicyDefaultSource representing the default-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyDefaultSource DefaultSource { get; set; }Property Value
|
ContentSecurityPolicyDefaultSource
|
FontSource
Gets or sets the ContentSecurityPolicyFontSource representing the font-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyFontSource FontSource { get; set; }Property Value
|
ContentSecurityPolicyFontSource
|
FormAction
Gets or sets the ContentSecurityPolicyFormAction representing the form-action of the Content Security Policy.
Declaration
public ContentSecurityPolicyFormAction FormAction { get; set; }Property Value
|
ContentSecurityPolicyFormAction
|
FrameAncestors
Gets or sets the ContentSecurityPolicyFrameAncestors representing the frame-ancestors of the Content Security Policy.
Declaration
public ContentSecurityPolicyFrameAncestors FrameAncestors { get; set; }Property Value
|
ContentSecurityPolicyFrameAncestors
|
FrameSource
Gets or sets the ContentSecurityPolicyFrameSource representing the frame-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyFrameSource FrameSource { get; set; }Property Value
|
ContentSecurityPolicyFrameSource
|
ImgSource
Gets or sets the ContentSecurityPolicyImgSource representing the img-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyImgSource ImgSource { get; set; }Property Value
|
ContentSecurityPolicyImgSource
|
IsNonceServiceNeeded
Gets if a IContentSecurityPolicyNonceService is needed or not.
Declaration
public bool IsNonceServiceNeeded { get; }Property Value
|
Boolean
|
ManifestSource
Gets or sets the ContentSecurityPolicyManifestSource representing the manifest-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyManifestSource ManifestSource { get; set; }Property Value
|
ContentSecurityPolicyManifestSource
|
MediaSource
Gets or sets the ContentSecurityPolicyMediaSource representing the media-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyMediaSource MediaSource { get; set; }Property Value
|
ContentSecurityPolicyMediaSource
|
ObjectSource
Gets or sets the ContentSecurityPolicyObjectSource representing the object-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyObjectSource ObjectSource { get; set; }Property Value
|
ContentSecurityPolicyObjectSource
|
PluginTypes
Gets or sets the ContentSecurityPolicyPluginTypes representing the plugin-types of the Content Security Policy.
Declaration
public ContentSecurityPolicyPluginTypes PluginTypes { get; set; }Property Value
|
ContentSecurityPolicyPluginTypes
|
PrefetchSource
Gets or sets the ContentSecurityPolicyPrefetchSource representing the prefetch-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyPrefetchSource PrefetchSource { get; set; }Property Value
|
ContentSecurityPolicyPrefetchSource
|
ReportOnly
Gets or sets if violations is reported only (and not blocked).
Declaration
public bool ReportOnly { get; set; }Property Value
|
Boolean
|
ReportToUrl
Gets or sets the report-to field, which instructs the user agent to send violation report to the specified url.
Declaration
public string ReportToUrl { get; set; }Property Value
|
String
|
Sandbox
Gets or sets the ContentSecurityPolicySandbox representing the sandbox of the Content Security Policy.
Declaration
public ContentSecurityPolicySandbox Sandbox { get; set; }Property Value
|
ContentSecurityPolicySandbox
|
ScriptSource
Gets or sets the ContentSecurityPolicyScriptSource representing the script-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyScriptSource ScriptSource { get; set; }Property Value
|
ContentSecurityPolicyScriptSource
|
StyleSource
Gets or sets the ContentSecurityPolicyStyleSource representing the style-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyStyleSource StyleSource { get; set; }Property Value
|
ContentSecurityPolicyStyleSource
|
UpgradeInsecureRequests
Gets or sets if user agents should treat all insecure URL's as though they have been replaced with secure URL's. This directive is intended for web sites with large number of insecure legacy URL's.
Declaration
public bool UpgradeInsecureRequests { get; set; }Property Value
|
Boolean
|
Remarks
The upgrade-insecure-requests directive is evaluated before block-all-mixed-content and if it is set, the latter is effectively a no-op. It is recommended to set either directive, but not both, unless you want to force HTTPS on older browsers that do not force it after a redirect to HTTP.
WorkerSource
Gets or sets the ContentSecurityPolicyWorkerSource representing the worker-src of the Content Security Policy.
Declaration
public ContentSecurityPolicyWorkerSource WorkerSource { get; set; }Property Value
|
ContentSecurityPolicyWorkerSource
|
Methods
GetAllDirectives(IContentSecurityPolicyNonceService)
Gets the content security policy directives based on this configuration.
Declaration
public string GetAllDirectives(IContentSecurityPolicyNonceService nonceService)Parameters
|
IContentSecurityPolicyNonceService
nonceService
The IContentSecurityPolicyNonceService used to create a nonce per request. |
Returns
|
String
The content security policy directives based on this configuration. |
PrepareDirectives()
Prepares all directives that can be cached, so that they are only created once and not for each request.
Declaration
public void PrepareDirectives()