Merge branch 'master' into feature/families-for-enterprise

src/Core/Utilities/CoreHelpers.cs

@@ -895,6 +895,16 @@ namespace Bit.Core.Utilities
             return System.Text.Json.JsonSerializer.Deserialize<T>(jsonData, options);
         }
 
+        public static string ClassToJsonData<T>(T data)
+        {
+            var options = new JsonSerializerOptions
+            {
+                PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+            };
+
+            return System.Text.Json.JsonSerializer.Serialize(data, options);
+        }
+
         public static ICollection<T> AddIfNotExists<T>(this ICollection<T> list, T item)
         {
             if (list.Contains(item))
@@ -921,5 +931,11 @@ namespace Bit.Core.Utilities
                 return text;
             }
         }
+
+        public static bool FixedTimeEquals(string input1, string input2)
+        {
+            return CryptographicOperations.FixedTimeEquals(
+                Encoding.UTF8.GetBytes(input1), Encoding.UTF8.GetBytes(input2));
+        }
     }
 }

src/Core/Utilities/SecurityHeadersMiddleware.cs

@@ -0,0 +1,30 @@
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Primitives;
+
+namespace Bit.Core.Utilities
+{
+    public sealed class SecurityHeadersMiddleware
+    {
+        private readonly RequestDelegate _next;
+
+        public SecurityHeadersMiddleware(RequestDelegate next)
+        {
+            _next = next;
+        }
+
+        public Task Invoke(HttpContext context)
+        {
+            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+            context.Response.Headers.Add("x-frame-options", new StringValues("SAMEORIGIN"));
+
+            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+            context.Response.Headers.Add("x-xss-protection", new StringValues("1; mode=block"));
+
+            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+            context.Response.Headers.Add("x-content-type-options", new StringValues("nosniff"));
+
+            return _next(context);
+        }
+    }
+}

src/Core/Utilities/ServiceCollectionExtensions.cs

@@ -178,7 +178,7 @@ namespace Bit.Core.Utilities
             services.AddScoped<IEmergencyAccessService, EmergencyAccessService>();
             services.AddSingleton<IDeviceService, DeviceService>();
             services.AddSingleton<IAppleIapService, AppleIapService>();
-            services.AddSingleton<ISsoConfigService, SsoConfigService>();
+            services.AddScoped<ISsoConfigService, SsoConfigService>();
             services.AddScoped<ISendService, SendService>();
         }