From 5aad4d439ce8090f13c81177f9baca951c7d7215 Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 19:40:12 +0100 Subject: [PATCH 1/6] Added support for .NET 8 --- OwaspHeaders.Core.Tests/OwaspHeaders.Core.Tests.csproj | 2 +- src/OwaspHeaders.Core.csproj | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/OwaspHeaders.Core.Tests/OwaspHeaders.Core.Tests.csproj b/OwaspHeaders.Core.Tests/OwaspHeaders.Core.Tests.csproj index 5a33d19..090259f 100644 --- a/OwaspHeaders.Core.Tests/OwaspHeaders.Core.Tests.csproj +++ b/OwaspHeaders.Core.Tests/OwaspHeaders.Core.Tests.csproj @@ -4,7 +4,7 @@ 8.0.0 Jamie Taylor OwaspHeaders.Core.Tests - net6.0;net7.0 + net6.0;net7.0;net8.0 diff --git a/src/OwaspHeaders.Core.csproj b/src/OwaspHeaders.Core.csproj index d8e80ba..dc9a05a 100644 --- a/src/OwaspHeaders.Core.csproj +++ b/src/OwaspHeaders.Core.csproj @@ -4,7 +4,7 @@ 8.0.0 Jamie Taylor OwaspHeaders.Core - net6.0;net7.0 + net6.0;net7.0;net8.0 OwaspHeaders.Core 2.0.0 LICENSE.txt From 08eeb1ceff2fdfd0c389c675a40d17ef78243eb9 Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 19:42:56 +0100 Subject: [PATCH 2/6] Updating to .NET 8 required disabling some warnings around the use of Response.Headers.Add --- .../HttpContextExtensionsTests/TryAdd.cs | 9 +++++++++ .../HttpContextExtensionsTests/TryRemove.cs | 10 ++++++++++ src/Extensions/HttpContextExtensions.cs | 11 ++++++++++- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs index 6fb7b82..8dac27f 100644 --- a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs +++ b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs 
@@ -30,7 +30,16 @@ public void DoesntInjectHeader_When_Present()
 var headerName = Guid.NewGuid().ToString();
 var headerBody = Guid.NewGuid().ToString();
+ // ASP0019 states that:
+ // "IDictionary.Add will throw an ArgumentException when attempting to add a duplicate key."
+ // However, we've already done a check to see whether the
+ // Response.Headers object cannot contain this header (as we're in
+ // the setup stage of a test).
+ // So we'll disable the warning here then immediately restore it
+ // after we've done what we need to.
+ #pragma warning disable ASP0019
 _context.Response.Headers.Add(headerName, headerBody);
+ #pragma warning restore ASP0019
 // Act
 var response = _context.TryAddHeader(headerName, headerBody);
diff --git a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
index 7c06cec..adb752c 100644
--- a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
+++ b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
@@ -15,7 +15,17 @@ public void CanRemoveHeader_When_Present()
 // Arrange
 var headerName = Guid.NewGuid().ToString();
 var headerBody = Guid.NewGuid().ToString();
+
+ // ASP0019 states that:
+ // "IDictionary.Add will throw an ArgumentException when attempting to add a duplicate key."
+ // However, we've already done a check to see whether the
+ // Response.Headers object cannot contain this header (as we're in
+ // the setup stage of a test).
+ // So we'll disable the warning here then immediately restore it
+ // after we've done what we need to.
+ #pragma warning disable ASP0019
 _context.Response.Headers.Add(headerName, headerBody);
+ #pragma warning restore ASP0019
 // Act
 var response = _context.TryRemoveHeader(headerName);
diff --git a/src/Extensions/HttpContextExtensions.cs b/src/Extensions/HttpContextExtensions.cs
index 15f3d47..9f983fb 100644
--- a/src/Extensions/HttpContextExtensions.cs
+++ b/src/Extensions/HttpContextExtensions.cs
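Review bot: The `#pragma warning disable ASP0019` block added to the Arrange step of DoesntInjectHeader_When_Present keeps `Headers.Add` and justifies it with a check that is not visible in this hunk, and the stated reason ("whether the Response.Headers object cannot contain this header") does not read as intended. What appears to make the call safe is that `headerName` is a fresh `Guid.NewGuid().ToString()`, so seeding with `_context.Response.Headers[headerName] = headerBody;` would need neither the suppression nor the seven-line comment. The same block is added to CanRemoveHeader_When_Present in TryRemove.cs and the same change applies there. Since the production method moves to `Append` in this commit, it is also worth asserting in DoesntInjectHeader_When_Present that the header still holds a single value after `TryAddHeader` returns; the assertions are outside the hunk, so this may already be covered.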
@@ -18,7 +18,16 @@ public static bool TryAddHeader(this HttpContext httpContext, string headerName, } try { - httpContext.Response.Headers.Add(headerName, headerValue); + // ASP0019 states that: + // "IDictionary.Add will throw an ArgumentException when attempting to add a duplicate key." + // However, we've already done a check to see whether the + // Response.Headers object + // already contains a header with this name (in the above if statement). + // So we'll disable the warning here then immediately restore it + // after we've done what we need to. + #pragma warning disable ASP0019 + httpContext.Response.Headers.Append(headerName, headerValue); + #pragma warning restore ASP0019 return true; } catch (ArgumentException) From 12b6b6ccdebdd708bb33b53beabf3e20efdb5328 Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 19:44:37 +0100 Subject: [PATCH 3/6] Upped version number of NuGet package --- src/OwaspHeaders.Core.csproj | 2 +- src/OwaspHeadersCore.nuspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/OwaspHeaders.Core.csproj b/src/OwaspHeaders.Core.csproj index dc9a05a..fd910f4 100644 --- a/src/OwaspHeaders.Core.csproj +++ b/src/OwaspHeaders.Core.csproj @@ -1,7 +1,7 @@ An ASP.NET Core Middleware which adds the OWASP recommended HTTP headers for enhanced security. - 8.0.0 + 8.1.0 Jamie Taylor OwaspHeaders.Core net6.0;net7.0;net8.0 diff --git a/src/OwaspHeadersCore.nuspec b/src/OwaspHeadersCore.nuspec index 2cf618f..b67a81e 100644 --- a/src/OwaspHeadersCore.nuspec +++ b/src/OwaspHeadersCore.nuspec @@ -2,7 +2,7 @@ OwaspHeaders.Core - 7.5.1 + 8.1.0 GaProgMan GaProgMan docs\README-NuGet.md From 319fc060af3f4103112f6930535d18fa86010456 Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 19:45:41 +0100 Subject: [PATCH 4/6] .NET 8.0 is now available for all supported, major Linux distros - removed a point in the Readme which is no longer true --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
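Review bot: The `#pragma warning disable ASP0019` pair in TryAddHeader now wraps a call to `Headers.Append`, which is the replacement the ASP0019 analyzer asks for, so the suppression and the comment above it describe a warning that should no longer fire here, and leaving them in place would mask a later change back to `Add`. The two calls differ on a duplicate key: `Add` throws ArgumentException, whereas `Append` adds a second value to the existing header, so the `catch (ArgumentException)` after this block is probably unreachable for that case and the method's false return then rests entirely on the presence check before the hunk. For a middleware that emits security headers a doubled value is worth ruling out explicitly, so I would drop both pragmas and keep only `httpContext.Response.Headers.Append(headerName, headerValue);`, or use `httpContext.Response.Headers[headerName] = headerValue;` if overwriting is the intent. The presence check and the rest of the try/catch lie outside the hunk, so this should be confirmed against the full method.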
diff --git a/README.md b/README.md index 9d9e106..17f2d71 100644 --- a/README.md +++ b/README.md @@ -13,14 +13,12 @@ Please note: this middleware **DOES NOT SUPPORT BLAZOR OR WEBASSEMBLY APPLICATIO - .NET SDKs vLatest - 6.0 - 7.0 - - 8.0* + - 8.0 - an IDE (VS Code, Rider, or Visual Studio) - [dotnet-format](https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-format) global tool. That's it. -* = at the time of pushing version 8 of the repo (Dec 2nd, 2023), the .NET 8 SDK binaries are not available for some Linux distributions (such as Fedora). If v8.0 of .NET is not available for your chosen distro, remove the `net8.0` TFM from all csproj files in order to build and run the code. - ## Pull Requests [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) From 0462557aa606c5334a3d22170e98e90259a75f8f Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 19:46:22 +0100 Subject: [PATCH 5/6] Updated year of license file (not really required as this code was written in the UK, where a year isn't required in the copyright statement in order to protect it) --- LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.txt b/LICENSE.txt index c7d09ba..864eee6 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2023 Jamie Taylor +Copyright (c) 2024 Jamie Taylor Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 637d644c4d8e403384a0c117c346a9038316592c Mon Sep 17 00:00:00 2001 From: Jamie Taylor Date: Thu, 30 May 2024 20:00:36 +0100 Subject: [PATCH 6/6] Ran dotnet format on code base --- .../HttpContextExtensionsTests/TryAdd.cs | 4 ++-- .../HttpContextExtensionsTests/TryRemove.cs | 6 +++--- src/Extensions/HttpContextExtensions.cs | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs
index 8dac27f..0efd616 100644
--- a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs
+++ b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryAdd.cs
@@ -37,9 +37,9 @@ public void DoesntInjectHeader_When_Present()
 // the setup stage of a test).
 // So we'll disable the warning here then immediately restore it
 // after we've done what we need to.
- #pragma warning disable ASP0019
+#pragma warning disable ASP0019
 _context.Response.Headers.Add(headerName, headerBody);
- #pragma warning restore ASP0019
+#pragma warning restore ASP0019
 // Act
 var response = _context.TryAddHeader(headerName, headerBody);
diff --git a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
index adb752c..028221a 100644
--- a/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
+++ b/OwaspHeaders.Core.Tests/HttpContextExtensionsTests/TryRemove.cs
@@ -15,7 +15,7 @@ public void CanRemoveHeader_When_Present()
 // Arrange
 var headerName = Guid.NewGuid().ToString();
 var headerBody = Guid.NewGuid().ToString();
-
+
 // ASP0019 states that:
 // "IDictionary.Add will throw an ArgumentException when attempting to add a duplicate key."
 // However, we've already done a check to see whether the
@@ -23,9 +23,9 @@ public void CanRemoveHeader_When_Present()
 // the setup stage of a test).
 // So we'll disable the warning here then immediately restore it
 // after we've done what we need to.
- #pragma warning disable ASP0019
+#pragma warning disable ASP0019
 _context.Response.Headers.Add(headerName, headerBody);
- #pragma warning restore ASP0019
+#pragma warning restore ASP0019
 // Act
 var response = _context.TryRemoveHeader(headerName);
diff --git a/src/Extensions/HttpContextExtensions.cs b/src/Extensions/HttpContextExtensions.cs
index 9f983fb..6f31347 100644
--- a/src/Extensions/HttpContextExtensions.cs
+++ b/src/Extensions/HttpContextExtensions.cs
@@ -25,9 +25,9 @@ public static bool TryAddHeader(this HttpContext httpContext, string headerName,
 // already contains a header with this name (in the above if statement).
 // So we'll disable the warning here then immediately restore it
 // after we've done what we need to.
- #pragma warning disable ASP0019
+#pragma warning disable ASP0019
 httpContext.Response.Headers.Append(headerName, headerValue);
- #pragma warning restore ASP0019
+#pragma warning restore ASP0019
 return true;
 }
 catch (ArgumentException)