3 implementations of ContentSecurityPolicy
Microsoft.AspNetCore.Server.Kestrel.Core (3)
Internal\Http\HttpHeaders.Generated.cs (3)
2073: StringValues IHeaderDictionary.ContentSecurityPolicy
10083: StringValues IHeaderDictionary.ContentSecurityPolicy
16086: StringValues IHeaderDictionary.ContentSecurityPolicy
4 writes to ContentSecurityPolicy
Aspire.Dashboard (1)
Model\BrowserSecurityHeadersMiddleware.cs (1)
69: context.Response.Headers.ContentSecurityPolicy = context.Request.IsHttps
Microsoft.AspNetCore.Components.Server (1)
Builder\ServerRazorComponentsEndpointConventionBuilderExtensions.cs (1)
59: headers.ContentSecurityPolicy = StringValues.Concat(headers.ContentSecurityPolicy, $"frame-ancestors {options.ContentSecurityFrameAncestorsPolicy}");
Microsoft.AspNetCore.Server.Kestrel.Microbenchmarks (2)
HeaderCollectionBenchmark.cs (1)
201: headers.ContentSecurityPolicy = "default-src 'none'; script-src 'self' cdnjs.cloudflare.com code.jquery.com scotthelme.disqus.com a.disquscdn.com www.google-analytics.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com platform.twitter.com; img-src 'self' data: www.gravatar.com www.google-analytics.com links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com syndication.twitter.com pbs.twimg.com platform.twitter.com abs.twimg.com; child-src fusiontables.googleusercontent.com fusiontables.google.com www.google.com disqus.com www.youtube.com syndication.twitter.com platform.twitter.com; frame-src fusiontables.googleusercontent.com fusiontables.google.com www.google.com disqus.com www.youtube.com syndication.twitter.com platform.twitter.com; connect-src 'self' links.services.disqus.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com; form-action 'self'; upgrade-insecure-requests;";
ResponseHeaderCollectionBenchmark.cs (1)
164: headers.ContentSecurityPolicy = "default-src 'none'; script-src 'self' cdnjs.cloudflare.com code.jquery.com scotthelme.disqus.com a.disquscdn.com www.google-analytics.com go.disqus.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' a.disquscdn.com fonts.googleapis.com cdnjs.cloudflare.com platform.twitter.com; img-src 'self' data: www.gravatar.com www.google-analytics.com links.services.disqus.com referrer.disqus.com a.disquscdn.com cdn.syndication.twimg.com syndication.twitter.com pbs.twimg.com platform.twitter.com abs.twimg.com; child-src fusiontables.googleusercontent.com fusiontables.google.com www.google.com disqus.com www.youtube.com syndication.twitter.com platform.twitter.com; frame-src fusiontables.googleusercontent.com fusiontables.google.com www.google.com disqus.com www.youtube.com syndication.twitter.com platform.twitter.com; connect-src 'self' links.services.disqus.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com; form-action 'self'; upgrade-insecure-requests;";
9 references to ContentSecurityPolicy
Aspire.Dashboard.Tests (7)
BrowserSecurityHeadersMiddlewareTests.cs (7)
28: Assert.NotEqual(StringValues.Empty, httpContext.Response.Headers.ContentSecurityPolicy);
29: Assert.DoesNotContain("default-src", httpContext.Response.Headers.ContentSecurityPolicy.ToString());
43: Assert.NotEqual(StringValues.Empty, httpContext.Response.Headers.ContentSecurityPolicy);
44: Assert.Contains("default-src", httpContext.Response.Headers.ContentSecurityPolicy.ToString());
61: Assert.NotEqual(StringValues.Empty, httpContext.Response.Headers.ContentSecurityPolicy);
62: Assert.Contains(expectedContent, httpContext.Response.Headers.ContentSecurityPolicy.ToString());
77: Assert.Equal(StringValues.Empty, httpContext.Response.Headers.ContentSecurityPolicy);
Microsoft.AspNetCore.Components.Server (1)
Builder\ServerRazorComponentsEndpointConventionBuilderExtensions.cs (1)
59: headers.ContentSecurityPolicy = StringValues.Concat(headers.ContentSecurityPolicy, $"frame-ancestors {options.ContentSecurityFrameAncestorsPolicy}");
Microsoft.AspNetCore.Server.Kestrel.Microbenchmarks (1)
HeaderCollectionBenchmark.cs (1)
318: value = headers.ContentSecurityPolicy;