Class ContentSecurityPolicyHeaderBuilder
Helper functions for configuring content security policy.
Inherited Members
Namespace: IRM.AspNetCore.Http.Headers
Assembly: IRM.AspNetCore.Mvc.dll
Syntax
public class ContentSecurityPolicyHeaderBuilderProperties
AllowAudioAndVideo
Set up rules for audio and video in e.g. HTML5 audio and video elements.
Declaration
public CspMediaBuilder AllowAudioAndVideo { get; }Property Value
|
CspMediaBuilder
|
AllowBaseUri
Set up rules for allowed <base> element sources. It is used to control what can be used as the base URI for the document.
Declaration
public CspBaseUriBuilder AllowBaseUri { get; }Property Value
|
CspBaseUriBuilder
|
AllowConnections
Set up rules for AJAX, WebSockets and EventSource.
Declaration
public CspConnectionBuilder AllowConnections { get; }Property Value
|
CspConnectionBuilder
|
AllowFonts
Set up rules for fonts.
Declaration
public CspFontsBuilder AllowFonts { get; }Property Value
|
CspFontsBuilder
|
AllowFormActions
Set up rules for form action targets
Declaration
public CspFormActionBuilder AllowFormActions { get; }Property Value
|
CspFormActionBuilder
|
AllowFrames
Set up rules for frames and iframes.
Declaration
public CspFrameBuilder AllowFrames { get; }Property Value
|
CspFrameBuilder
|
AllowFraming
Set up rules for where this app can be embedded.
Declaration
public CspFrameAncestorsBuilder AllowFraming { get; }Property Value
|
CspFrameAncestorsBuilder
|
AllowImages
Set up rules for images.
Declaration
public CspImageBuilder AllowImages { get; }Property Value
|
CspImageBuilder
|
AllowManifest
Set up rules for where this app can load web manifests from.
Declaration
public CspManifestBuilder AllowManifest { get; }Property Value
|
CspManifestBuilder
|
AllowObjects
Set up rules for <object> elements.
Declaration
public CspObjectBuilder AllowObjects { get; }Property Value
|
CspObjectBuilder
|
AllowPlugins
Set up rules for plugins in e.g. <object> elements.
Declaration
public CspPluginBuilder AllowPlugins { get; }Property Value
|
CspPluginBuilder
|
AllowPrefetch
Sets up rules for where this app can pre-fetch/pre-render content from
Declaration
public CspPrefetchBuilder AllowPrefetch { get; }Property Value
|
CspPrefetchBuilder
|
AllowScripts
Set rules for JavaScript.
Declaration
public CspScriptsBuilder AllowScripts { get; }Property Value
|
CspScriptsBuilder
|
AllowStyles
Set rules for styles.
Declaration
public CspStyleBuilder AllowStyles { get; }Property Value
|
CspStyleBuilder
|
AllowWorkers
Set up rules for workers, shared workers and service workers.
Declaration
public CspWorkerBuilder AllowWorkers { get; }Property Value
|
CspWorkerBuilder
|
ByDefaultAllow
Set up default rules for resources for which no rules exist.
Declaration
public CspDefaultBuilder ByDefaultAllow { get; }Property Value
|
CspDefaultBuilder
|
Methods
Build()
Creates the ContentSecurityPolicyHeader.
Declaration
public ContentSecurityPolicyConfiguration Build()Returns
| ContentSecurityPolicyConfiguration |
EnableSandbox()
Enables sandboxing of the app in the browser.
Declaration
public CspSandboxBuilder EnableSandbox()Returns
|
CspSandboxBuilder
Builder for setting up exceptions to sandboxing. |
ReportViolationsTo(String)
Sets the url where violation reports are sent.
Declaration
public ContentSecurityPolicyHeaderBuilder ReportViolationsTo(string url)Parameters
|
String
url
The url where vioaltion resports should be sent. |
Returns
| ContentSecurityPolicyHeaderBuilder |
SetReportOnly()
Sets the policy to only report violations and not block anything. Useful when testing.
Declaration
public ContentSecurityPolicyHeaderBuilder SetReportOnly()Returns
| ContentSecurityPolicyHeaderBuilder |
SetUpgradeInsecureRequests()
All insecure URL's will be treated as though they have been replaced with secure URL's.
Declaration
public ContentSecurityPolicyHeaderBuilder SetUpgradeInsecureRequests()Returns
| ContentSecurityPolicyHeaderBuilder |
TurnOffBlockAllMixedContent()
Allows assets to come from both secure and insecure URL's.
Declaration
public ContentSecurityPolicyHeaderBuilder TurnOffBlockAllMixedContent()Returns
| ContentSecurityPolicyHeaderBuilder |