tsai
/
abp
mirror of https://github.com/abpframework/abp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add AbpSecurityHeaderNonceHelper

pull/16496/head
Salih 3 years ago
parent
fc6f75f472
commit
bc37a62d37
2 changed files with 27 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpNonceScriptTagHelper.cs
  2. 23
      framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeaderNonceHelper.cs

10
framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap/TagHelpers/Script/AbpNonceTagHelper.cs → framework/src/Volo.Abp.AspNetCore.Mvc.UI.Bundling/Volo/Abp/AspNetCore/Mvc/UI/Bundling/TagHelpers/AbpNonceScriptTagHelper.cs
View File

@ -1,20 +1,18 @@
using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.AspNetCore.Mvc.ViewFeatures; using Microsoft.AspNetCore.Mvc.ViewFeatures;
using Microsoft.AspNetCore.Razor.TagHelpers; using Microsoft.AspNetCore.Razor.TagHelpers;
using Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers;
namespace Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.TagHelpers.Script; namespace Volo.Abp.AspNetCore.Mvc.UI.Bundling.TagHelpers;
[HtmlTargetElement("script")]
[HtmlTargetElement("script", Attributes = "abp-nonce")] public class AbpNonceScriptTagHelper : AbpTagHelper
public class AbpNonceTagHelper : AbpTagHelper
{ {
[HtmlAttributeNotBound] [HtmlAttributeNotBound]
[ViewContext] [ViewContext]
public ViewContext ViewContext { get; set; } public ViewContext ViewContext { get; set; }
public override void Process(TagHelperContext context, TagHelperOutput output) public override void Process(TagHelperContext context, TagHelperOutput output)
{ {
output.Attributes.RemoveAll("abp-nonce");
if (ViewContext.HttpContext.Items.TryGetValue(AbpAspNetCoreConsts.ScriptNonceKey, out var nonce) && nonce is string nonceString && !string.IsNullOrEmpty(nonceString)) if (ViewContext.HttpContext.Items.TryGetValue(AbpAspNetCoreConsts.ScriptNonceKey, out var nonce) && nonce is string nonceString && !string.IsNullOrEmpty(nonceString))
{ {
output.Attributes.Add("nonce", nonceString); output.Attributes.Add("nonce", nonceString);

23
framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeaderNonceHelper.cs
View File

@ -0,0 +1,23 @@
using Microsoft.AspNetCore.Html;
using Microsoft.AspNetCore.Mvc.Rendering;
namespace Volo.Abp.AspNetCore.Security;
public static class AbpSecurityHeaderNonceHelper
{
public static string GetScriptNonce(this IHtmlHelper htmlHelper)
{
if (htmlHelper.ViewContext.HttpContext.Items.TryGetValue(AbpAspNetCoreConsts.ScriptNonceKey, out var nonce) && nonce is string nonceString && !string.IsNullOrEmpty(nonceString))
{
return nonceString;
}
return string.Empty;
}
public static string GetScriptNonceAttribute(this IHtmlHelper htmlHelper)
{
var nonce = htmlHelper.GetScriptNonce();
return string.IsNullOrEmpty(nonce) ? string.Empty : $"nonce=\"{nonce}\"";
}
}
Write Preview
Loading…
Cancel
Save