AspLabs/CSP/src/ContentSecurityPolicyBuilder.cs at fd5290869e3807b61d8128db7d9a5e1736d36b8f · aspnet/AspLabs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using Microsoft.Extensions.Logging;

namespace Microsoft.AspNetCore.Csp
{
    /// <summary>
    /// Allows customizing content security policies
    /// </summary>
    public class ContentSecurityPolicyBuilder
    {
        private CspMode _cspMode;
        private bool _strictDynamic;
        private bool _unsafeEval;
        private string _reportingUri;
        private LogLevel _logLevel = LogLevel.Information;

        public ContentSecurityPolicyBuilder WithCspMode(CspMode cspMode)
        {
            _cspMode = cspMode;
            return this;
        }

        public ContentSecurityPolicyBuilder WithStrictDynamic()
        {
            _strictDynamic = true;
            return this;
        }

        public ContentSecurityPolicyBuilder WithUnsafeEval()
        {
            _unsafeEval = true;
            return this;
        }
        public ContentSecurityPolicyBuilder WithReportingUri(string reportingUri)
        {
            // TODO: normalize URL
            _reportingUri = reportingUri;
            return this;
        }

        public ContentSecurityPolicyBuilder WithLogLevel(LogLevel logLevel)
        {
            _logLevel = logLevel;
            return this;
        }

        /// <summary>
        /// Whether the policy specifies a relative reporting URI.
        /// </summary>
        /// <remarks>
        /// If this method returns true, a handler for the reporting endpoint will be automatically added to this application.
        /// </remarks>
        public bool HasLocalReporting()
        {
            return _reportingUri != null && _reportingUri.StartsWith("/");
        }

        public CspReportLogger ReportLogger(ICspReportLoggerFactory loggerFactory)
        {
            return loggerFactory.BuildLogger(_logLevel, _reportingUri);
        }

        public ContentSecurityPolicy Build()
        {
            if (_cspMode == CspMode.NONE)
            {
                // TODO: Error message
                throw new InvalidOperationException();
            }

            if (_cspMode == CspMode.REPORTING && _reportingUri == null)
            {
                // TODO: Error message
                throw new InvalidOperationException();
            }

            return new ContentSecurityPolicy(
                _cspMode,
                _strictDynamic,
                _unsafeEval,
                _reportingUri
            );
        }
    }
}