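<#
.SYNOPSIS
    Adds an Antiforgery service to the server.
.DESCRIPTION
    This cmdlet allows you to configure the Antiforgery service for the Kestrun server.
    It can be used to protect against Cross-Site Request Forgery (CSRF) attacks by generating and validating antiforgery tokens.
    When the individual parameters are used (the 'Items' parameter set), the token cookie is created with hardened defaults:
    SameSite=Lax, HttpOnly, SecurePolicy=Always (HTTPS only) and Path "/". When -Options is supplied, the options object is
    used as-is and none of these defaults are applied, so the caller is responsible for the cookie settings.
.PARAMETER Server
    The Kestrun server instance to which the Antiforgery service will be added.
.PARAMETER Options
    The Antiforgery options to configure the service. Mutually exclusive with the individual parameters below.
.PARAMETER CookieName
    The name of the cookie to use for the Antiforgery token. Default is ".Kestrun.AntiXSRF". Must not be empty.
.PARAMETER FormFieldName
    The name of the form field to use for the Antiforgery token. If not specified, the framework default will be used.
.PARAMETER HeaderName
    The name of the header to use for the Antiforgery token. Default is "X-CSRF-TOKEN".
.PARAMETER SuppressXFrameOptionsHeader
    If specified, the X-Frame-Options header will not be added to responses. That header is emitted to reduce clickjacking
    risk; only suppress it when framing policy is enforced elsewhere (for example a Content-Security-Policy frame-ancestors directive).
.PARAMETER SuppressReadingTokenFromFormBody
    If specified, the Antiforgery service will not read tokens from the form body. This option is only applied when the
    runtime reports the 'SuppressReadingTokenFromFormBody' capability (see Test-KrCapability); otherwise a warning is
    written and the switch is ignored.
.PARAMETER PassThru
    If specified, the cmdlet will return the modified server instance after adding the Antiforgery service.
.EXAMPLE
    $server | Add-KrAntiforgeryMiddleware -CookieName '.MyApp.AntiXSRF' -FormFieldName '__RequestVerificationToken' -HeaderName 'X-CSRF-TOKEN'
    This example adds an Antiforgery service to the server with a custom cookie name, form field name, and header name.
.EXAMPLE
    $server | Add-KrAntiforgeryMiddleware -Options $options
    This example adds an Antiforgery service to the server using the specified Antiforgery options.
.LINK
    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.antiforgery.antiforgeryoptions
#>
function Add-KrAntiforgeryMiddleware {
    [KestrunRuntimeApi('Definition')]
    [CmdletBinding(defaultParameterSetName = 'Items')]
    [OutputType([Kestrun.Hosting.KestrunHost])]
    param(
        [Parameter(Mandatory = $false, ValueFromPipeline = $true)]
        [Kestrun.Hosting.KestrunHost]$Server,

        [Parameter(Mandatory = $true, ParameterSetName = 'Options')]
        [Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions]$Options,

        [Parameter(ParameterSetName = 'Items')]
        [string]$FormFieldName,

        # An empty cookie name would only fail later inside the framework; reject it up front.
        [Parameter(ParameterSetName = 'Items')]
        [ValidateNotNullOrEmpty()]
        [string]$CookieName = ".Kestrun.AntiXSRF",

        [Parameter(ParameterSetName = 'Items')]
        [string]$HeaderName = "X-CSRF-TOKEN",

        [Parameter(ParameterSetName = 'Items')]
        [switch]$SuppressXFrameOptionsHeader,

        [Parameter(ParameterSetName = 'Items')]
        [switch]$SuppressReadingTokenFromFormBody,

        [Parameter()]
        [switch]$PassThru
    )
    begin {
        # Ensure the server instance is resolved
        $Server = Resolve-KestrunServer -Server $Server
    }
    process {
        if ($PSCmdlet.ParameterSetName -eq 'Items') {
            $Options = [Microsoft.AspNetCore.Antiforgery.AntiforgeryOptions]::new()

            # Build the token cookie with hardened defaults: HttpOnly keeps it out of reach of script,
            # SecurePolicy Always restricts it to HTTPS, and SameSite=Lax limits cross-site sending
            # while still allowing top-level navigations.
            $cookie = [Microsoft.AspNetCore.Http.CookieBuilder]::new()
            $cookie.Name = $CookieName
            $cookie.SameSite = [Microsoft.AspNetCore.Http.SameSiteMode]::Lax
            $cookie.HttpOnly = $true
            $cookie.SecurePolicy = [Microsoft.AspNetCore.Http.CookieSecurePolicy]::Always
            $cookie.Path = "/"
            $Options.Cookie = $cookie

            # Only override the framework defaults when the caller supplied a value
            if (-not [string]::IsNullOrEmpty($FormFieldName)) {
                $Options.FormFieldName = $FormFieldName
            }
            if (-not [string]::IsNullOrEmpty($HeaderName)) {
                $Options.HeaderName = $HeaderName
            }
            if ($SuppressXFrameOptionsHeader.IsPresent) {
                # Weakens clickjacking protection; the caller is expected to enforce framing policy elsewhere
                $Options.SuppressXFrameOptionsHeader = $true
            }
            if ($SuppressReadingTokenFromFormBody.IsPresent) {
                # Not every supported runtime exposes this property (hence the capability check);
                # warn rather than silently dropping a setting the caller explicitly asked for.
                if (Test-KrCapability -Feature "SuppressReadingTokenFromFormBody") {
                    $Options.SuppressReadingTokenFromFormBody = $true
                } else {
                    Write-Warning "SuppressReadingTokenFromFormBody is not supported by the current runtime; the switch was ignored."
                }
            }
        }

        # Add the Antiforgery service to the server; the extension's return value is not needed here
        $null = [Kestrun.Hosting.KestrunSecurityMiddlewareExtensions]::AddAntiforgery($Server, $Options)

        if ($PassThru.IsPresent) {
            # if the PassThru switch is specified, return the modified server instance
            return $Server
        }
    }
}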