Allow adding multiple uris to CSP builder AddFrameAncestors()
`AddFrameAncestors()` derives from `CspDirectiveBuilderBase` rather than `CspDirectiveBuilder`, so the normal extensions don't apply

Fixes #178
andrewlock committed Sep 9, 2024
1 parent b2686a0 commit 706ad12
Showing 3 changed files with 23 additions and 2 deletions.
Expand Up @@ -106,6 +106,26 @@ public FrameAncestorsDirectiveBuilder From(string uri)
return this;
}

/// <summary>
/// Allow resources from the given <paramref name="uris"/>. May be any non-empty value.
/// </summary>
/// <param name="uris">The URIs to allow.</param>
/// <returns>The CSP builder for method chaining</returns>
public FrameAncestorsDirectiveBuilder From(IEnumerable<string> uris)
{
foreach (var uri in uris)
{
if (string.IsNullOrWhiteSpace(uri))
{
throw new System.ArgumentException("Uri may not be null or empty", nameof(uri));
}

Sources.Add(uri);
}

return this;
}

/// <summary>
/// Allow resources served over https
/// </summary>
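Review bot: In `From(IEnumerable<string> uris)` the loop appends each entry to `Sources` before the next one is validated, so an exception on a later entry leaves the builder with a partially applied allow-list, and a null `uris` fails inside the `foreach` with a NullReferenceException instead of an argument error. The `ArgumentException` also passes `nameof(uri)`, which names the loop variable rather than the `uris` parameter. I would validate the whole sequence first and add it in one step, as below. Separately, the test's expected header value suggests entries are written out space-separated exactly as given, so it may be worth rejecting entries that contain whitespace or `;`, since such a value would add extra sources or directives to the emitted policy; whether the single-uri overload already does this is not visible in the hunk.

```csharp
public FrameAncestorsDirectiveBuilder From(IEnumerable<string> uris)
{
    if (uris is null)
    {
        throw new System.ArgumentNullException(nameof(uris));
    }

    // Check every entry before touching Sources so a bad entry cannot leave a half-built allow-list.
    var validated = new List<string>();
    foreach (var uri in uris)
    {
        if (string.IsNullOrWhiteSpace(uri))
        {
            throw new System.ArgumentException("Uri may not be null or empty", nameof(uris));
        }

        validated.Add(uri);
    }

    Sources.AddRange(validated);
    return this;
}
```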
Expand Up @@ -356,11 +356,11 @@ public void Build_AddFrameAncestors_WhenAddsMultipleValue_ReturnsAllValues()
.Self()
.Blob()
.Data()
.From("http://testUrl.com");
.From(["http://testUrl.com", "https://testUrl.com"]);

var result = builder.Build();

result.ConstantValue.Should().Be("frame-ancestors 'self' blob: data: http://testUrl.com");
result.ConstantValue.Should().Be("frame-ancestors 'self' blob: data: http://testUrl.com https://testUrl.com");
}

[Fact]
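Review bot: This test now exercises only the happy path of the new overload, and the single-string `From("http://testUrl.com")` call it used to cover has been replaced rather than kept alongside. A companion case that passes a sequence containing a null or whitespace entry, asserts an `ArgumentException`, and checks that nothing was added to the directive would pin the validation behaviour. The start of the test method is outside the visible lines, so the builder setup is assumed from the test name.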
Expand Up @@ -301,6 +301,7 @@ namespace NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy
public System.Collections.Generic.List<string> Sources { get; }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder Blob() { }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder Data() { }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder From(System.Collections.Generic.IEnumerable<string> uris) { }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder From(string uri) { }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder None() { }
public NetEscapades.AspNetCore.SecurityHeaders.Headers.ContentSecurityPolicy.FrameAncestorsDirectiveBuilder OverHttps() { }