protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
//Enable CSRF protection
Nancy.Security.Csrf.Enable(pipelines);
// Enabled cookie sessions
Nancy.Session.CookieBasedSessions.Enable(pipelines);
//Setup frame and origin options ( https://www.owasp.org/index.php/List_of_useful_HTTP_headers )
//may be overwritten by server (apache,ngix,iis,..) for config see https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) =>
{
if (ctx.Response.StatusCode == HttpStatusCode.InternalServerError) return;
ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
ctx.Response.Headers.Add("X-Download-Options", "noopen"); // IE extension
ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
ctx.Response.Headers.Add("X-XSS-Protection", "1; mode=block");
});
// Retain the casing in serialization of nancy json
Nancy.Json.JsonSettings.RetainCasing = true;
StaticConfiguration.CaseSensitive = false;
// Enable debugging of nancy
StaticConfiguration.EnableRequestTracing = false;
// Dummy call to force the include of the Nancy.Serialization.JsonNet dll
JsonNetSerializer a = new JsonNetSerializer();
a.CanSerialize("{}");
}
protected override void ApplicationStartup(Nancy.TinyIoc.TinyIoCContainer container, Nancy.Bootstrapper.IPipelines pipelines)
{
base.ApplicationStartup(container, pipelines);
//Enable CSRF protection
Nancy.Security.Csrf.Enable(pipelines);
// Enabled cookie sessions
Nancy.Session.CookieBasedSessions.Enable(pipelines);
//Setup frame and origin options ( https://www.owasp.org/index.php/List_of_useful_HTTP_headers )
//may be overwritten by server (apache,ngix,iis,..) for config see https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) =>
{
if (ctx.Response.StatusCode == HttpStatusCode.InternalServerError)
{
return;
}
ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
ctx.Response.Headers.Add("X-Download-Options", "noopen"); // IE extension
ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
ctx.Response.Headers.Add("X-XSS-Protection", "1; mode=block");
});
// Retain the casing in serialization of nancy json
Nancy.Json.JsonSettings.RetainCasing = true;
StaticConfiguration.CaseSensitive = false;
// Enable debugging of nancy
StaticConfiguration.EnableRequestTracing = false;
// Dummy call to force the include of the Nancy.Serialization.JsonNet dll
JsonNetSerializer a = new JsonNetSerializer();
a.CanSerialize("{}");
}