initial start of the project

Author: MPCoreDeveloper

Posseth.SafeWebCore.sln

@@ -3,16 +3,30 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.10.35013.160
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{FB660E3C-6584-455E-8E5E-0BBBCFEB5CF8}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{CE342AB5-E63F-48AE-BDCC-5E21157E4EA9}"
 	ProjectSection(SolutionItems) = preProject
-		src\Posseth.SafeWebCore\Posseth.SafeWebCore.csproj = src\Posseth.SafeWebCore\Posseth.SafeWebCore.csproj
+		.gitattributes = .gitattributes
+		.gitignore = .gitignore
+		LICENSE.txt = LICENSE.txt
 	EndProjectSection
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Posseth.SafeWebCore", "src\Posseth.SafeWebCore\Posseth.SafeWebCore.csproj", "{3CC906DB-9397-47D8-BE88-48C89A1C841D}"
+EndProject
 Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3CC906DB-9397-47D8-BE88-48C89A1C841D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{3CC906DB-9397-47D8-BE88-48C89A1C841D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{3CC906DB-9397-47D8-BE88-48C89A1C841D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{3CC906DB-9397-47D8-BE88-48C89A1C841D}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {8358C33E-91D1-4B06-A8B1-E417C80FCADE}
+		SolutionGuid = {F9EDD709-73CF-4384-B3E6-8B70A701B402}
 	EndGlobalSection
 EndGlobal

src/Posseth.SafeWebCore/Class1.cs

@@ -0,0 +1,37 @@
+// Michel Posseth 2024/06/22 YYYY/MM/DD
+using System.Security.Cryptography;
+namespace Posseth.SafeWebCore
+{
+    public class CspBuilder
+    {
+        private readonly Dictionary<string, List<string>> _directives = [];
+        public string Nonce { get; init; } = GetNonce();
+        private static string GetNonce()
+        {
+            using var rng = RandomNumberGenerator.Create();
+            var nonceBytes = new byte[16]; // 128 bits
+            rng.GetBytes(nonceBytes);
+            return Convert.ToBase64String(nonceBytes);
+        }
+        public CspBuilder AddDirective(string directive, string policy)
+        {
+            if (!_directives.TryGetValue(directive, out List<string>? value))
+            {
+                value = [];
+                _directives[directive] = value;
+            }
+
+            if (policy.Contains("{nonce}"))
+            {
+                policy = policy.Replace("{nonce}", $"'nonce-{Nonce}'");
+            }
+
+            value.Add(policy);
+            return this;
+        }
+        public override string ToString()
+        {
+            return string.Join("; ", _directives.Select(d => $"{d.Key} {string.Join(" ", d.Value)}").ToArray());
+        }
+    }
+}

src/Posseth.SafeWebCore/CspBuilder.cs

@@ -0,0 +1,32 @@
+// Michel Posseth 2024/06/22 YYYY/MM/DD
+using Microsoft.AspNetCore.Http;
+namespace Posseth.SafeWebCore
+{
+    public class CspMiddleware(RequestDelegate next, CspBuilder builder)
+    {
+        private readonly RequestDelegate _next = next;
+        private readonly string _policy = builder.ToString();
+
+        public async Task InvokeAsync(HttpContext context)
+        {
+            context.Response.Headers.Add("Content-Security-Policy", _policy);
+            await _next(context);
+        }
+    }
+}
+
+// Extension method for adding the middleware
+
+//var builder = WebApplication.CreateBuilder(args);
+//var app = builder.Build();
+
+//app.UseCsp(csp =>
+//{
+//    csp.AddDirective("default-src", "'self'")
+//       .AddDirective("script-src", "'self' https://trustedscripts.example.com");
+//    // Add more directives as needed
+//});
+
+//app.MapGet("/", () => "Hello World!");
+
+//app.Run();

src/Posseth.SafeWebCore/CspMiddleware.cs

@@ -0,0 +1,15 @@
+// Michel Posseth 2024/06/22 YYYY/MM/DD
+using System;
+using Microsoft.AspNetCore.Builder;
+namespace Posseth.SafeWebCore
+{
+    public static class CspMiddlewareExtensions
+    {
+        public static IApplicationBuilder UseCsp(this IApplicationBuilder builder, Action<CspBuilder> configure)
+        {
+            var cspBuilder = new CspBuilder();
+            configure(cspBuilder);
+            return builder.UseMiddleware<CspMiddleware>(cspBuilder);
+        }
+    }
+}

src/Posseth.SafeWebCore/Extensions/CspMiddlewareExtension.cs

@@ -6,4 +6,12 @@
     <Nullable>enable</Nullable>
   </PropertyGroup>
 
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Folder Include="Extensions\" />
+  </ItemGroup>
+
 </Project>