Skip to content

Commit be05df9

Browse files
committed
Add support for WSS in Content Security Policy default source directives for browser link
1 parent bc9064e commit be05df9

2 files changed

Lines changed: 8 additions & 2 deletions

File tree

src/Sidio.Web.Security.Tests/Headers/Options/ContentSecurityPolicyHeaderOptionsBuilderExtensionsTests.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ public void AppendBrowserLinkPolicy_ShouldAppendDirectives()
1414
var result = builder.AppendBrowserLinkPolicy();
1515

1616
// Assert
17-
result.Options.DefaultSrc.Should().Be("'unsafe-inline' http://localhost:* https://localhost:* ws://localhost:*");
17+
result.Options.DefaultSrc.Should().Be("'unsafe-inline' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*");
1818
result.Options.ScriptSrc.Should().Be("'unsafe-inline' http://localhost:* https://localhost:*");
1919
}
2020

@@ -35,7 +35,7 @@ public void AppendBrowserLinkPolicy_DirectivesAlreadyExist_ShouldAppendDirective
3535
var result = builder.AppendBrowserLinkPolicy();
3636

3737
// Assert
38-
result.Options.DefaultSrc.Should().Be("'self' 'unsafe-inline' http://localhost:* https://localhost:* ws://localhost:*");
38+
result.Options.DefaultSrc.Should().Be("'self' 'unsafe-inline' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*");
3939
result.Options.ScriptSrc.Should().Be("'self' 'unsafe-inline' http://localhost:* https://localhost:*");
4040
}
4141
}

src/Sidio.Web.Security/Headers/Options/ContentSecurityPolicyHeaderOptionsBuilderExtensions.cs

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@ public static ContentSecurityPolicyHeaderOptionsBuilder AppendBrowserLinkPolicy(
2020
const string HttpLocalhost = "http://localhost:*";
2121
const string HttpsLocalhost = "https://localhost:*";
2222
const string WsLocalhost = "ws://localhost:*";
23+
const string WssLocalhost = "wss://localhost:*";
2324
const string Space = " ";
2425

2526
builder.Options.DefaultSrc ??= string.Empty;
@@ -46,6 +47,11 @@ public static ContentSecurityPolicyHeaderOptionsBuilder AppendBrowserLinkPolicy(
4647
defaultSrcDirectives.Add(WsLocalhost);
4748
}
4849

50+
if (!builder.Options.DefaultSrc.Contains(WssLocalhost))
51+
{
52+
defaultSrcDirectives.Add(WssLocalhost);
53+
}
54+
4955
builder.Options.DefaultSrc += Space + string.Join(Space, defaultSrcDirectives);
5056
builder.Options.DefaultSrc = builder.Options.DefaultSrc.Trim();
5157

0 commit comments

Comments
 (0)