From 1f1c9ebd968aa525bcba6b6610cd1d44c8f83a8e Mon Sep 17 00:00:00 2001
From: Tommy Parnell
Date: Sun, 3 Feb 2019 13:40:54 -0500
Subject: [PATCH] add upgrade insecure request
---
 src/HardHat.UnitTests/CSPBuilderTests.cs | 5 +++--
 src/HardHat/Builders/ContentSecurityHeaderBuilder.cs | 4 ++++
 src/HardHat/Constants.cs | 1 +
 src/HardHat/ContentSecurityPolicy.cs | 1 +
 4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/HardHat.UnitTests/CSPBuilderTests.cs b/src/HardHat.UnitTests/CSPBuilderTests.cs
index 4778054..47a6266 100644
--- a/src/HardHat.UnitTests/CSPBuilderTests.cs
+++ b/src/HardHat.UnitTests/CSPBuilderTests.cs
@@ -25,10 +25,11 @@ namespace HardHat.UnitTests
 FormAction = new HashSet() { "http://*.example.com" },
 FrameAncestors = new HashSet() { "http://*.example.com" },
 PluginTypes = new HashSet() { "http://*.example.com" },
- Sandbox = SandboxOption.AllowPointerLock
+ Sandbox = SandboxOption.AllowPointerLock,
+ UpgradeInsecureRequests = true
 });
- Assert.Equal(@"default-src 'self' 'none' http://*.example.com; script-src http://*.example.com; style-src http://*.example.com; img-src http://*.example.com; connect-src http://*.example.com; font-src http://*.example.com; object-src http://*.example.com; media-src http://*.example.com; child-src http://*.example.com; form-action http://*.example.com; frame-ancestors http://*.example.com; sandbox allow-pointer-lock; plugin-types http://*.example.com;", builder);
+ Assert.Equal(@"default-src 'self' 'none' http://*.example.com; script-src http://*.example.com; style-src http://*.example.com; img-src http://*.example.com; connect-src http://*.example.com; font-src http://*.example.com; object-src http://*.example.com; media-src http://*.example.com; child-src http://*.example.com; form-action http://*.example.com; frame-ancestors http://*.example.com; sandbox allow-pointer-lock; plugin-types http://*.example.com; upgrade-insecure-requests;", builder);
 }
 [Fact]
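Review bot: The new directive is exercised only inside this all-options case, so nothing pins the default path where the flag is left `false`. A case that builds a policy with the flag unset and asserts the header does not contain `upgrade-insecure-requests` would catch a regression that emits it unconditionally. A second case setting only `UpgradeInsecureRequests = true` would pin the directive on its own; the expected value would be `upgrade-insecure-requests;` if the builder emits nothing else for an otherwise empty policy, which is not visible here. The test method starts above the hunk, so its name and the builder call are outside my view.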
diff --git a/src/HardHat/Builders/ContentSecurityHeaderBuilder.cs b/src/HardHat/Builders/ContentSecurityHeaderBuilder.cs
index 5bc978d..99c4447 100644
--- a/src/HardHat/Builders/ContentSecurityHeaderBuilder.cs
+++ b/src/HardHat/Builders/ContentSecurityHeaderBuilder.cs
@@ -91,6 +91,10 @@ namespace HardHat.Builders
 stringBuilder.Append(Constants.CSPDirectives.PluginTypes);
 stringBuilder.Append($" {string.Join(" ", policy.PluginTypes)}; ");
 }
+ if(policy.UpgradeInsecureRequests)
+ {
+ stringBuilder.Append($"{Constants.CSPDirectives.UpgradeInsecureRequests}; ");
+ }
 return stringBuilder.ToString().TrimEnd();
 }
 }
diff --git a/src/HardHat/Constants.cs b/src/HardHat/Constants.cs
index 70bb58f..57119c7 100644
--- a/src/HardHat/Constants.cs
+++ b/src/HardHat/Constants.cs
@@ -52,6 +52,7 @@
 internal const string FormAction = "form-action";
 internal const string FrameAncestors = "frame-ancestors";
 internal const string PluginTypes = "plugin-types";
+ internal const string UpgradeInsecureRequests = "upgrade-insecure-requests";
 }
 }
 }
diff --git a/src/HardHat/ContentSecurityPolicy.cs b/src/HardHat/ContentSecurityPolicy.cs
index 4b30854..6f06de4 100644
--- a/src/HardHat/ContentSecurityPolicy.cs
+++ b/src/HardHat/ContentSecurityPolicy.cs
@@ -68,5 +68,6 @@ namespace HardHat
 ///
 public bool OnlySendReport { get; set; } = false;
+ public bool UpgradeInsecureRequests { get; set; } = false;
 }
 }
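Review bot: The new branch in ContentSecurityHeaderBuilder.cs appends `upgrade-insecure-requests` whenever the flag is set, without regard to `OnlySendReport` on the same policy class (visible in the ContentSecurityPolicy.cs hunk). Browsers do not act on this directive when the policy is delivered as `Content-Security-Policy-Report-Only`, so a site that sets both flags would get no upgrade while its configuration reads as if it were on. Where the header name is chosen is outside this hunk, so I cannot tell whether the two are ever combined. If they can be, a comment above the branch such as `// not enforced by browsers in a report-only policy; see OnlySendReport`, or a guard where the header name is picked, would make that explicit. Minor style: `if(policy.UpgradeInsecureRequests)` lacks the space after `if` that C# convention uses.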
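Review bot: `UpgradeInsecureRequests` in ContentSecurityPolicy.cs is added without an XML doc comment, while the `OnlySendReport` property just above it appears to carry one (a `///` line is in the context). A summary such as `/// <summary>Emits the upgrade-insecure-requests directive, which tells the browser to treat the site's http:// URLs as https://.</summary>` would tell users what the flag does. A `<remarks>` line should add that it does not replace HSTS, because the policy only arrives with the response and so cannot protect the first top-level navigation to the site. The class body starts above the hunk.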