IndexHtmlNonceInjectionMiddleware.cs
namespace DotNetAngularTemplate.Middleware;
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Hosting;
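/// <summary>
/// Serves the SPA shell (<c>browser/index.html</c> under the web root) for every request that is
/// neither an <c>/api</c> call nor a request for a known static-asset extension, replacing
/// <c>CSP_NONCE_PLACEHOLDER</c> in the markup with the value stored in
/// <c>HttpContext.Items["CSPNonce"]</c>.
/// </summary>
/// <remarks>
/// NOTE(review): this class only consumes the nonce. It presumably relies on an earlier middleware
/// to generate a fresh value per request and to emit the matching Content-Security-Policy header;
/// confirm the pipeline registration order.
/// </remarks>
public class IndexHtmlNonceInjectionMiddleware(RequestDelegate next, IWebHostEnvironment env)
{
    // Extensions treated as static assets; such requests are passed down the pipeline untouched.
    // The comparer makes the lookup case-insensitive (".JS" and ".js" are equivalent).
    private static readonly HashSet<string> ExcludedExtensions = new(StringComparer.OrdinalIgnoreCase)
    {
        ".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico",
        ".woff", ".woff2", ".ttf", ".eot", ".map", ".json", ".webp", ".avif"
    };

    /// <summary>
    /// Writes the nonce-substituted index.html for page requests; delegates everything else
    /// (API calls, static assets, or a missing index.html) to the next middleware.
    /// </summary>
    /// <param name="context">The current HTTP request/response context.</param>
    /// <returns>A task that completes once the response is written or the next middleware returns.</returns>
    public async Task InvokeAsync(HttpContext context)
    {
        var path = context.Request.Path;

        bool isApi = path.StartsWithSegments("/api");
        bool isStatic = Path.HasExtension(path) && ExcludedExtensions.Contains(Path.GetExtension(path));

        // Guard against an unset web root so Path.Combine does not throw; fall through instead.
        var webRoot = env.WebRootPath;
        if (isApi || isStatic || string.IsNullOrEmpty(webRoot))
        {
            await next(context);
            return;
        }

        var file = Path.Combine(webRoot, "browser/index.html");
        if (!File.Exists(file))
        {
            await next(context);
            return;
        }

        // NOTE(review): the file is read from disk on every page request; consider caching the
        // template text if this shows up in profiles.
        var html = await File.ReadAllTextAsync(file);

        // The nonce is inserted verbatim, so it must be a server-generated value and never derived
        // from request data. If no nonce was stored, the placeholder becomes an empty string, which
        // cannot match a nonce source in an enforced policy.
        var nonce = context.Items["CSPNonce"]?.ToString() ?? "";
        html = html.Replace("CSP_NONCE_PLACEHOLDER", nonce);

        // The body embeds a per-request nonce. A stored copy would replay that nonce to later
        // requests, so mark the response non-cacheable unless an earlier component already chose
        // a caching policy.
        if (!context.Response.Headers.ContainsKey("Cache-Control"))
        {
            context.Response.Headers["Cache-Control"] = "no-store";
        }

        // WriteAsync emits UTF-8; declare it so the browser does not have to guess the encoding.
        context.Response.ContentType = "text/html; charset=utf-8";
        await context.Response.WriteAsync(html);
    }
}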