Class ContentSecurityPolicyHeaderValue

Represents value of Content-Security-Policy or Content-Security-Policy-Report-Only header.

Inheritance

System.Object

ContentSecurityPolicyHeaderValue

Inherited Members

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

Namespace: Lib.AspNetCore.Security.Http.Headers

Assembly: Lib.AspNetCore.Security.dll

Syntax

public class ContentSecurityPolicyHeaderValue

Constructors

ContentSecurityPolicyHeaderValue()

Instantiates a new ContentSecurityPolicyHeaderValue.

Declaration

public ContentSecurityPolicyHeaderValue()

Fields

NoneSource

The source list keyword to match nothing.

Declaration

public const string NoneSource = "'none'"

Field Value

Type	Description
System.String

SelfSource

The source list keyword to match current URL’s origin.

Declaration

public const string SelfSource = "'self'"

Field Value

Type	Description
System.String

UnsafeEvalSource

The source list keyword to allow the use of eval() and similar methods for creating code from strings.

Declaration

public const string UnsafeEvalSource = "'unsafe-eval'"

Field Value

Type	Description
System.String

Properties

BaseUri

Gets or sets the list of URLs that can be used to specify the document base URL.

Declaration

public string BaseUri { get; set; }

Property Value

Type	Description
System.String

BlockAllMixedContent

Gets or sets the value indicating if block-all-mixed-content directive should be included.

Declaration

public bool BlockAllMixedContent { get; set; }

Property Value

Type	Description
System.Boolean

ChildSources

Gets or sets the source list for web workers and nested browsing contexts.

Declaration

public string ChildSources { get; set; }

Property Value

Type	Description
System.String

ConnectSources

Gets or sets the source list for fetch, XMLHttpRequest, WebSocket, and EventSource connections.

Declaration

public string ConnectSources { get; set; }

Property Value

Type	Description
System.String

DefaultSources

Gets or sets the default source list for directives which can fall back to the default sources.

Declaration

public string DefaultSources { get; set; }

Property Value

Type	Description
System.String

FontSources

Gets or sets the source list for fonts loaded using @font-face.

Declaration

public string FontSources { get; set; }

Property Value

Type	Description
System.String

FormAction

Gets or sets the valid endpoints for form submissions.

Declaration

public string FormAction { get; set; }

Property Value

Type	Description
System.String

FrameAncestorsSources

Gets or sets the valid parents that may embed a page using the frame and iframe elements.

Declaration

public string FrameAncestorsSources { get; set; }

Property Value

Type	Description
System.String

FrameSources

Gets or sets the source list for nested browsing contexts loading using elements such as frame and iframe.

Declaration

public string FrameSources { get; set; }

Property Value

Type	Description
System.String

ImageSources

Gets or sets the source list for of images and favicons.

Declaration

public string ImageSources { get; set; }

Property Value

Type	Description
System.String

ManifestSources

Gets or sets the source list for manifest which can be applied to the resource.

Declaration

public string ManifestSources { get; set; }

Property Value

Type	Description
System.String

MediaSources

Gets or sets the source list for loading media using the audio and video elements.

Declaration

public string MediaSources { get; set; }

Property Value

Type	Description
System.String

ObjectSources

Gets or sets the source list for the object, embed, and applet elements.

Declaration

public string ObjectSources { get; set; }

Property Value

Type	Description
System.String

PluginTypes

Gets or sets the types of plugins that can be embedded into a document.

Declaration

public string PluginTypes { get; set; }

Property Value

Type	Description
System.String

ReportUri

Gets or sets the URL to which the user agent should send reports about policy violations.

Declaration

public string ReportUri { get; set; }

Property Value

Type	Description
System.String

RequireSriFor

Gets or sets the value indicating if the use of Subresource Integrity is required for scripts or/and styles.

Declaration

public ContentSecurityPolicyRequireSriFor? RequireSriFor { get; set; }

Property Value

Type	Description
System.Nullable<ContentSecurityPolicyRequireSriFor>

Sandbox

Gets or sets the value indicating if sandbox policy should be applied.

Declaration

public bool Sandbox { get; set; }

Property Value

Type	Description
System.Boolean

SandboxFlags

Gets or sets the sandboxing flags (only used when Sandbox is true).

Declaration

public ContentSecurityPolicySandboxFlags SandboxFlags { get; set; }

Property Value

Type	Description
ContentSecurityPolicySandboxFlags

ScriptInlineExecution

Gets or sets the inline execution mode for scripts.

Declaration

public ContentSecurityPolicyInlineExecution ScriptInlineExecution { get; set; }

Property Value

Type	Description
ContentSecurityPolicyInlineExecution

ScriptSources

Gets or sets the source list for scripts.

Declaration

public string ScriptSources { get; set; }

Property Value

Type	Description
System.String

StyleInlineExecution

Gets or sets the inline execution mode for stylesheets.

Declaration

public ContentSecurityPolicyInlineExecution StyleInlineExecution { get; set; }

Property Value

Type	Description
ContentSecurityPolicyInlineExecution

StyleSources

Gets or sets the source list for stylesheets.

Declaration

public string StyleSources { get; set; }

Property Value

Type	Description
System.String

UpgradeInsecureRequests

Gets or sets the value indicating if upgrade-insecure-requests directive should be included.

Declaration

public bool UpgradeInsecureRequests { get; set; }

Property Value

Type	Description
System.Boolean

WorkerSources

Gets or sets the source list for Worker, SharedWorker, or ServiceWorker scripts.

Declaration

public string WorkerSources { get; set; }

Property Value

Type	Description
System.String

Methods

ToString()

Gets the string representation of header value.

Declaration

public override string ToString()

Returns

Type	Description
System.String	The string representation of header value.

Overrides

System.Object.ToString()

ToString(IEnumerable<String>, IEnumerable<String>)

Gets the string representation of header value.

Declaration

public string ToString(IEnumerable<string> scriptsHashes, IEnumerable<string> stylesHashes)

Parameters

Type	Name	Description
System.Collections.Generic.IEnumerable<System.String>	scriptsHashes	The inline scripts hashes for inline execution source list.
System.Collections.Generic.IEnumerable<System.String>	stylesHashes	The inline styles hashes for inline execution source list.

Returns

Type	Description
System.String	The string representation of header value.

ToString(String)

Gets the string representation of header value.

Declaration

public string ToString(string nonce)

Parameters

Type	Name	Description
System.String	nonce	The nonce to be used for inline execution source lists.

Returns

Type	Description
System.String	The string representation of header value.

ToString(String, IEnumerable<String>, IEnumerable<String>)

Gets the string representation of header value.

Declaration

public string ToString(string nonce, IEnumerable<string> scriptsHashes, IEnumerable<string> stylesHashes)

Parameters

Type	Name	Description
System.String	nonce	The nonce to be used for inline execution source lists.
System.Collections.Generic.IEnumerable<System.String>	scriptsHashes	The inline scripts hashes for inline execution source list.
System.Collections.Generic.IEnumerable<System.String>	stylesHashes	The inline styles hashes for inline execution source list.

Returns

Type	Description
System.String	The string representation of header value.