Cloudflare.LeakedCredentials 1.0.0

.NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. 
dotnet add package Cloudflare.LeakedCredentials --version 1.0.0
                    


                    

                
NuGet\Install-Package Cloudflare.LeakedCredentials -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Cloudflare.LeakedCredentials" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Cloudflare.LeakedCredentials" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Cloudflare.LeakedCredentials" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Cloudflare.LeakedCredentials --version 1.0.0
                    


                    

                
#r "nuget: Cloudflare.LeakedCredentials, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Cloudflare.LeakedCredentials@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Cloudflare.LeakedCredentials&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Cloudflare.LeakedCredentials&version=1.0.0
                    


                            Install as a Cake Tool

Cloudflare.LeakedCredentials

A minimal netstandard2.0 library that parses Cloudflare's Exposed-Credential-Check response header so origin servers can detect credential exposure without pulling in framework dependencies.

Purpose

  1. Keep framework dependencies out of the security signal by exposing only a single, functional entry point (ExposedCredentialCheck.Parse).
  2. Require callers to provide a Func<string, string?> header accessor so the library works with ASP.NET, HttpClient, middleware pipelines, or any custom HTTP stack.

Contents

Getting started

  1. Consume the published NuGet package using dotnet add package Cloudflare.LeakedCredentials or build from source with dotnet build Cloudflare.LeakedCredentials.sln (netstandard2.0 only).
  2. Provide a header getter delegate when calling Parse so you retain control of how headers are fetched.
var result = ExposedCredentialCheck.Parse(context.Request.Headers.Get);
if (result == ExposedCredentialCheckResult.Exposed)
{
		// trigger additional logging, alerting, or rejection logic
}

API contract

  • ExposedCredentialCheck.Parse(Func<string, string?> getHeader)
    • Emits ExposedCredentialCheckResult.None for missing/null/empty headers.
    • Uses Enum.IsDefined() plus a positive value check so only known exposure states are surfaced.
    • Throws ArgumentNullException if the delegate is null to keep contracts strict.

Best practices

  • Keep header access centralized inside middleware, filters, or helpers before passing a delegate into this library; it simplifies testing and throttling.
  • Treat every result that is not None as actionable—PotentiallyExposed still warrants monitoring or rate limiting.
  • Wrap log and metric instrumentation around the exposure result so it can feed dashboards without leaking secrets.
  • Preserve netstandard2.0 compatibility: avoid framework-specific APIs in wrappers so this package stays portable.
  • Respect null-safety guarantees by never calling Parse with a null delegate and by validating header values before acting on them.

Testing & validation

  • Keep builds fast with dotnet build Cloudflare.LeakedCredentials.sln.
  • The tests live under tests/Cloudflare.LeakedCredentials.Tests/; add coverage-sensitive scenarios there and expose internals via InternalsVisibleTo when needed.
  • Use dotnet test in CI to exercise the ExposedCredentialCheck parsing logic across all states.

NuGet package

  • The repository already publishes the Cloudflare.LeakedCredentials NuGet package targeting netstandard2.0.
  • Consume it with dotnet add package Cloudflare.LeakedCredentials and keep your package reference updated from nuget.org.
  • Package publishing follows the standard dotnet pack / dotnet nuget push flow and should only be run by authorized maintainers.

Resiliency notes

  • The library keeps the enum validation strict (using Enum.IsDefined and positive value checks) so unknown headers fall back to None rather than failing the request.
  • Header parsing is intentionally synchronous and stateless—provide thread-safe delegates when sampling headers from shared contexts.

Next steps

  • Run dotnet test Cloudflare.LeakedCredentials.sln locally and in CI to validate the parsing coverage you just added.
  • When bumping the package, update Directory.Build.props metadata and align Directory.Packages.props versions with any new dependencies.
  • Draft release notes that explain which Cloudflare response states are surfaced so downstream teams can react appropriately.

Contributing

  • Open issues for bug reports or feature ideas.
  • Keep future API changes backward-compatible with ExposedCredentialCheck.Parse.

License

See the LICENSE file for details.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • .NETStandard 2.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 163 12/12/2025

https://github.com/brandonhenricks/cloudflare-leakedcredentials/releases