EHD-1411: Reduce code in Core project: Inline Extensions.SetResponseH…

…eader code
cabinetoffice · Nov 4, 2024 · 619b59f · 619b59f
1 parent 1363704
commit 619b59f
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 49 deletions.
diff --git a/GenderPayGap.Core/Extensions/AspNetCore/Extensions.cs b/GenderPayGap.Core/Extensions/AspNetCore/Extensions.cs
@@ -1,52 +1,11 @@
-using System;
 using System.Threading;
 using GenderPayGap.Core;
-using Microsoft.AspNetCore.Http;
 
 namespace GenderPayGap.Extensions.AspNetCore
 {
-    public static partial class Extensions
+    public static class Extensions
     {
 
-        /// <summary>
-        ///     Removes null header or ensures header is set to correct value
-        ///     ///
-        /// </summary>
-        /// <param name="context">The HttpContext to remove the header from</param>
-        /// <param name="key">The key of the header name</param>
-        /// <param name="value">The value which the header should be - if empty removed the header</param>
-        public static void SetResponseHeader(this HttpContext context, string key, string value = null)
-        {
-            try
-            {
-                if (string.IsNullOrWhiteSpace(value))
-                {
-                    if (context.Response.Headers.ContainsKey(key))
-                    {
-                        context.Response.Headers.Remove(key);
-                    }
-                }
-                else if (!context.Response.Headers.ContainsKey(key))
-                {
-                    context.Response.Headers.Add(key, value);
-                }
-                else if (context.Response.Headers[key] != value)
-                {
-                    context.Response.Headers.Remove(key); //This is required as cannot change a key once added
-                    context.Response.Headers[key] = value;
-                }
-            }
-            catch (Exception ex)
-            {
-                if (context.Response.Headers.ContainsKey(key))
-                {
-                    throw new Exception($"Could not set header '{key}' from value '{context.Response.Headers[key]}' to '{value}' ", ex);
-                }
-
-                throw new Exception($"Could not add header '{key}' to value '{value}' ", ex);
-            }
-        }
-
         public static string GetThreadCount()
         {
             ThreadPool.GetMinThreads(out int workerMin, out int ioMin);

diff --git a/GenderPayGap.Core/Extensions/AspNetCore/SecurityHeaderMiddleware.cs b/GenderPayGap.Core/Extensions/AspNetCore/SecurityHeaderMiddleware.cs
@@ -19,9 +19,22 @@ public async Task Invoke(HttpContext httpContext)
         {
             httpContext.Response.OnStarting(
                 () => {
-                    foreach (KeyValuePair<string,string> securityHeader in Global.SecurityHeaders)
+                    foreach (KeyValuePair<string, string> securityHeader in Global.SecurityHeadersToAdd)
                     {
-                        httpContext.SetResponseHeader(securityHeader.Key, securityHeader.Value);
+                        if (!httpContext.Response.Headers.ContainsKey(securityHeader.Key))
+                        {
+                            httpContext.Response.Headers.Add(securityHeader.Key, securityHeader.Value);
+                        }
+                        else if (httpContext.Response.Headers[securityHeader.Key] != securityHeader.Value)
+                        {
+                            httpContext.Response.Headers.Remove(securityHeader.Key); // This is required as we cannot change a key once it is added
+                            httpContext.Response.Headers[securityHeader.Key] = securityHeader.Value;
+                        }
+                    }
+
+                    foreach (string securityHeaderName in Global.SecurityHeadersToRemove)
+                    {
+                        httpContext.Response.Headers.Remove(securityHeaderName);
                     }
 
                     return Task.CompletedTask;

diff --git a/GenderPayGap.Core/Global.cs b/GenderPayGap.Core/Global.cs
@@ -110,7 +110,7 @@ public static bool EnableSubmitAlerts
         public static int MaxCompareBasketCount => 500; // Maximum number of employers you can add to the compare basket
         public static int EditableReportCount => 4; // Specifies how many reports an employer can edit
         public static int EditableScopeCount => 2; // Specifies how many scopes an employer can edit
-        public static Dictionary<string, string> SecurityHeaders =>
+        public static Dictionary<string, string> SecurityHeadersToAdd =>
             new Dictionary<string, string>
             {
                 {"X-Content-Type-Options", "nosniff"},
@@ -121,11 +121,16 @@ public static bool EnableSubmitAlerts
                 {"X-Content-Security-Policy", "frame-ancestors 'none'"},
                 {"Referrer-Policy", "origin-when-cross-origin"},
                 {"Strict-Transport-Security", "max-age=31536000; includeSubDomains"},
-                {"X-Powered-By", ""},
-                {"X-AspNet-Version", ""},
-                {"X-AspNetMvc-Version", ""},
-                {"Server", ""}
             };
+        public static List<string> SecurityHeadersToRemove =>
+            new List<string>
+            {
+                "X-Powered-By",
+                "X-AspNet-Version",
+                "X-AspNetMvc-Version",
+                "Server"
+            };
+
         public static int ObfuscationSeed => 1045659205;
 
         #endregion