Add correct name for allow-from (#244)

andrewlock · web-flow · commit 021a0a60ae28 · 2025-04-20T15:00:32.000+01:00
* Add correct name for allow-from

* Update public API
diff --git a/src/NetEscapades.AspNetCore.SecurityHeaders/Headers/XFrameOptionsHeaderExtensions.cs b/src/NetEscapades.AspNetCore.SecurityHeaders/Headers/XFrameOptionsHeaderExtensions.cs
@@ -38,6 +38,16 @@ public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicy
     /// <param name="uri">The uri of the origin in which the page may be displayed in a frame</param>
     /// <returns>The <see cref="HeaderPolicyCollection"/> for method chaining</returns>
     public static HeaderPolicyCollection AddFrameOptionsSameOrigin(this HeaderPolicyCollection policies, string uri)
+        => policies.AddFrameOptionsAllowFrom(uri);
+
+    /// <summary>
+    /// Add X-Frame-Options ALLOW-FROM {uri} to all requests, where the uri is provided
+    /// The page can only be displayed in a frame on the specified origin.
+    /// </summary>
+    /// <param name="policies">The collection of policies</param>
+    /// <param name="uri">The uri of the origin in which the page may be displayed in a frame</param>
+    /// <returns>The <see cref="HeaderPolicyCollection"/> for method chaining</returns>
+    public static HeaderPolicyCollection AddFrameOptionsAllowFrom(this HeaderPolicyCollection policies, string uri)
     {
         return policies.ApplyPolicy(new XFrameOptionsHeader($"ALLOW-FROM {uri}"));
     }
diff --git a/test/NetEscapades.AspNetCore.SecurityHeaders.Test/PublicApiTest.PublicApiHasNotChanged.verified.txt b/test/NetEscapades.AspNetCore.SecurityHeaders.Test/PublicApiTest.PublicApiHasNotChanged.verified.txt
@@ -267,6 +267,7 @@ namespace Microsoft.AspNetCore.Builder
     }
     public static class XFrameOptionsHeaderExtensions
     {
+        public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsAllowFrom(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies, string uri) { }
         public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsDeny(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies) { }
         public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsSameOrigin(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies) { }
         public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsSameOrigin(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies, string uri) { }

Original file line number	Diff line number	Diff line change
`@@ -267,6 +267,7 @@ namespace Microsoft.AspNetCore.Builder`
`267`	`267`	`}`
`268`	`268`	`public static class XFrameOptionsHeaderExtensions`
`269`	`269`	`{`
	`270`	`+ public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsAllowFrom(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies, string uri) { }`
`270`	`271`	`public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsDeny(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies) { }`
`271`	`272`	`public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsSameOrigin(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies) { }`
`272`	`273`	`public static Microsoft.AspNetCore.Builder.HeaderPolicyCollection AddFrameOptionsSameOrigin(this Microsoft.AspNetCore.Builder.HeaderPolicyCollection policies, string uri) { }`