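/// <summary>
/// Adds a baseline set of security headers to <paramref name="policies"/>.
/// </summary>
/// <remarks>
/// Applies, in order: <c>AddFrameOptionsDeny</c>, <c>AddXssProtectionBlock</c>,
/// <c>AddContentTypeOptionsNoSniff</c>, <c>AddStrictTransportSecurityMaxAge</c> and
/// <c>RemoveServerHeader</c>.
/// Review notes: the HSTS max-age is whatever <c>AddStrictTransportSecurityMaxAge</c>
/// defaults to (not visible here), and browsers only honour HSTS on responses served over
/// HTTPS. <c>X-XSS-Protection</c> is a legacy header that current browsers ignore, so it
/// must not be treated as a substitute for a Content-Security-Policy, which this method
/// does not configure; callers wanting a CSP have to add one themselves.
/// </remarks>
/// <param name="policies">The policy collection to extend.</param>
/// <returns>The same <paramref name="policies"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policies"/> is null.</exception>
public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
{
    // Validate at the entry point instead of failing with a NullReferenceException
    // somewhere inside the first extension call.
    if (policies == null)
    {
        throw new ArgumentNullException(nameof(policies));
    }

    policies.AddFrameOptionsDeny();
    policies.AddXssProtectionBlock();
    policies.AddContentTypeOptionsNoSniff();
    policies.AddStrictTransportSecurityMaxAge();
    policies.RemoveServerHeader();

    return policies;
}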
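/// <summary>
/// Adds a baseline set of security headers, including a minimal Content-Security-Policy,
/// to <paramref name="policies"/>.
/// </summary>
/// <remarks>
/// Applies, in order: <c>AddFrameOptionsDeny</c>, <c>AddXssProtectionBlock</c>,
/// <c>AddContentTypeOptionsNoSniff</c>, <c>AddStrictTransportSecurityMaxAge</c>,
/// <c>AddReferrerPolicyStrictOriginWhenCrossOrigin</c>, <c>RemoveServerHeader</c> and a
/// CSP with exactly three directives: <c>object-src</c> none, <c>form-action</c> self and
/// <c>frame-ancestors</c> none.
/// Review notes: the CSP sets no <c>default-src</c> or <c>script-src</c>, so it does not
/// restrict where scripts, styles or images may load from; it mitigates plugin embedding,
/// form hijacking and framing only. Framing is denied twice (<c>X-Frame-Options</c> and
/// <c>frame-ancestors</c>), presumably so that browsers without CSP support are covered.
/// The HSTS max-age is the callee's default (not visible here) and is only honoured over
/// HTTPS; <c>X-XSS-Protection</c> is a legacy header that current browsers ignore.
/// </remarks>
/// <param name="policies">The policy collection to extend.</param>
/// <returns>The same <paramref name="policies"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policies"/> is null.</exception>
public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
{
    // Validate at the entry point instead of failing with a NullReferenceException
    // somewhere inside the first extension call.
    if (policies == null)
    {
        throw new ArgumentNullException(nameof(policies));
    }

    policies.AddFrameOptionsDeny();
    policies.AddXssProtectionBlock();
    policies.AddContentTypeOptionsNoSniff();
    policies.AddStrictTransportSecurityMaxAge();
    policies.AddReferrerPolicyStrictOriginWhenCrossOrigin();
    policies.RemoveServerHeader();

    // Deliberately narrow policy: it only governs plugins, form targets and framing.
    policies.AddContentSecurityPolicy(builder =>
    {
        builder.AddObjectSrc().None();
        builder.AddFormAction().Self();
        builder.AddFrameAncestors().None();
    });

    return policies;
}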