我正在使用ASP.NET MVC 5.我寫了一個小的過濾器屬性,用於將內容安全策略添加到響應標題。下面是代碼:內容安全策略屬性Mvc - 添加多次
public class ContentSecurityPolicyFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpResponseBase response = filterContext.HttpContext.Response;
response.AddHeader("Content-Security-Policy", "default-src *; " +
"img-src * data:; " +
"style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' " +
"localhost:*/* " +
"https://facebook.com " +
"*.facebook.com " +
"https://facebook.net " +
"*.facebook.net " +
"https://onesignal.com " +
"*.onesignal.com " +
"https://abtasty.com *.abtasty.com *.convertexperiments.com " +
"http://www.googletagmanager.com " +
"https://www.googletagmanager.com " +
"http://www.google-analytics.com " +
"https://www.google-analytics.com " +
"http://www.googleadservices.com " +
"https://www.googleadservices.com ");
base.OnActionExecuting(filterContext);
}
}
要一個FilterConfig:
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
//...
filters.Add(new ContentSecurityPolicyFilterAttribute());
}
}
我的問題是,這個代碼添加多個Content-Security-Policy
頭在每次請求。它應該運行一次,並且只添加一次這個頭文件。我對嗎?
所以我能解決這個問題?
您是否嘗試過在'OnResultExecuting'中添加標頭,而不是停止重定向或許重複? –
@RyanSearle感謝您的想法。但我採取了相同的結果(過濾器被稱爲多次,並添加內容安全策略多個...) –