/// <summary> /// Adds a <c>Strict-Transport-Security</c> header to the response. /// </summary> /// <param name="builder"></param> /// <param name="maxAge">Sets the duration the browser should internally redirect requests to HTTPS.</param> /// <param name="includeSubDomains"><see langword="true"/> to instruct the browser to also redirect requests to subdomains to HTTPS.</param> /// <param name="preload"><see langword="true"/> to tell vendors to include the domain on a pre-loaded list of domains to automatically redirect requests to HTTPS.</param> /// <returns></returns> public static IApplicationBuilder UseStrictTransportSecurityHeader(this IApplicationBuilder builder, TimeSpan maxAge, bool includeSubDomains = false, bool preload = false) { var options = new StrictTransportSecurityHeaderOptions { MaxAge = maxAge, IncludeSubDomains = includeSubDomains, Preload = preload }; return(builder.UseMiddleware <StrictTransportSecurityHeaderMiddleware>(Options.Create(options))); }
private static string BuildHeaderValue(StrictTransportSecurityHeaderOptions options) { var value = $"max-age={options.MaxAge.TotalSeconds}"; if (options.IncludeSubDomains) { value += "; includeSubDomains"; } if (options.Preload) { value += "; preload"; } return(value); }
/// <summary> /// Adds a <c>Strict-Transport-Security</c> header to the response. /// </summary> /// <param name="builder"></param> /// <param name="options">The options configuring the <c>Strict-Transport-Security</c> header value.</param> /// <returns></returns> public static IApplicationBuilder UseStrictTransportSecurityHeader(this IApplicationBuilder builder, StrictTransportSecurityHeaderOptions options) { return(builder.UseMiddleware <StrictTransportSecurityHeaderMiddleware>(Options.Create(options))); }