diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/BaseHttpHeaderCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/BaseHttpHeaderCheck.cs
index eeb291c41faf..99deaa2af7f9 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/BaseHttpHeaderCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/BaseHttpHeaderCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using System;
@@ -20,8 +20,8 @@ namespace Umbraco.Cms.Core.HealthChecks.Checks.Security
public abstract class BaseHttpHeaderCheck : HealthCheck
{
private readonly IHostingEnvironment _hostingEnvironment;
+ private readonly ILocalizedTextService _textService;
private readonly string _header;
- private readonly string _value;
private readonly string _localizedTextPrefix;
private readonly bool _metaTagOptionAvailable;
private static HttpClient s_httpClient;
@@ -33,26 +33,18 @@ protected BaseHttpHeaderCheck(
IHostingEnvironment hostingEnvironment,
ILocalizedTextService textService,
string header,
- string value,
string localizedTextPrefix,
bool metaTagOptionAvailable)
{
- LocalizedTextService = textService ?? throw new ArgumentNullException(nameof(textService));
+ _textService = textService ?? throw new ArgumentNullException(nameof(textService));
_hostingEnvironment = hostingEnvironment;
_header = header;
- _value = value;
_localizedTextPrefix = localizedTextPrefix;
_metaTagOptionAvailable = metaTagOptionAvailable;
}
private static HttpClient HttpClient => s_httpClient ??= new HttpClient();
-
- ///
- /// Gets the localized text service.
- ///
- protected ILocalizedTextService LocalizedTextService { get; }
-
///
/// Gets a link to an external read more page.
///
@@ -79,7 +71,7 @@ protected async Task CheckForHeader()
var success = false;
// Access the site home page and check for the click-jack protection header or meta tag
- Uri url = _hostingEnvironment.ApplicationMainUrl;
+ var url = _hostingEnvironment.ApplicationMainUrl.GetLeftPart(UriPartial.Authority);
try
{
@@ -95,12 +87,12 @@ protected async Task CheckForHeader()
}
message = success
- ? LocalizedTextService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderFound")
- : LocalizedTextService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderNotFound");
+ ? _textService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderFound")
+ : _textService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderNotFound");
}
catch (Exception ex)
{
- message = LocalizedTextService.Localize("healthcheck","healthCheckInvalidUrl", new[] { url.ToString(), ex.Message });
+ message = _textService.Localize("healthcheck","healthCheckInvalidUrl", new[] { url.ToString(), ex.Message });
}
return
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/ClickJackingCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/ClickJackingCheck.cs
index 957ee0b71507..8586989f32a8 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/ClickJackingCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/ClickJackingCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using Umbraco.Cms.Core.Hosting;
@@ -20,7 +20,7 @@ public class ClickJackingCheck : BaseHttpHeaderCheck
/// Initializes a new instance of the class.
///
public ClickJackingCheck(IHostingEnvironment hostingEnvironment, ILocalizedTextService textService)
- : base(hostingEnvironment, textService, "X-Frame-Options", "sameorigin", "clickJacking", true)
+ : base(hostingEnvironment, textService, "X-Frame-Options", "clickJacking", true)
{
}
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
index 34c76f2b6dc2..d5eac030389d 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using System;
@@ -53,7 +53,7 @@ private async Task CheckForHeaders()
{
string message;
var success = false;
- var url = _hostingEnvironment.ApplicationMainUrl.GetLeftPart(UriPartial.Authority);;
+ var url = _hostingEnvironment.ApplicationMainUrl.GetLeftPart(UriPartial.Authority);
// Access the site home page and check for the headers
var request = new HttpRequestMessage(HttpMethod.Head, url);
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/HstsCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/HstsCheck.cs
index b2166b88bd0d..7902f4e3f873 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/HstsCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/HstsCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using Umbraco.Cms.Core.Hosting;
@@ -27,7 +27,7 @@ public class HstsCheck : BaseHttpHeaderCheck
/// but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.
///
public HstsCheck(IHostingEnvironment hostingEnvironment, ILocalizedTextService textService)
- : base(hostingEnvironment, textService, "Strict-Transport-Security", "max-age=10886400", "hSTS", true)
+ : base(hostingEnvironment, textService, "Strict-Transport-Security", "hSTS", true)
{
}
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/NoSniffCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/NoSniffCheck.cs
index 035733e4ee01..78ee2c0e124f 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/NoSniffCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/NoSniffCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using Umbraco.Cms.Core.Hosting;
@@ -20,7 +20,7 @@ public class NoSniffCheck : BaseHttpHeaderCheck
/// Initializes a new instance of the class.
///
public NoSniffCheck(IHostingEnvironment hostingEnvironment, ILocalizedTextService textService)
- : base(hostingEnvironment, textService, "X-Content-Type-Options", "nosniff", "noSniff", false)
+ : base(hostingEnvironment, textService, "X-Content-Type-Options", "noSniff", false)
{
}
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/XssProtectionCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/XssProtectionCheck.cs
index 6c05c39f4646..570ca8002d74 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/XssProtectionCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/XssProtectionCheck.cs
@@ -1,4 +1,4 @@
-// Copyright (c) Umbraco.
+// Copyright (c) Umbraco.
// See LICENSE for more details.
using Umbraco.Cms.Core.Hosting;
@@ -27,7 +27,7 @@ public class XssProtectionCheck : BaseHttpHeaderCheck
/// but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.
///
public XssProtectionCheck(IHostingEnvironment hostingEnvironment, ILocalizedTextService textService)
- : base(hostingEnvironment, textService, "X-XSS-Protection", "1; mode=block", "xssProtection", true)
+ : base(hostingEnvironment, textService, "X-XSS-Protection", "xssProtection", true)
{
}