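// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Middleware executes in the order it is registered, so the sequence of calls below is significant.
//
// app:         builder the middleware components are registered on.
// env:         hosting environment; selects the development branch or the hardened branch.
// antiforgery: service that issues the anti-forgery token pair handed to the client on "/".
public void Configure(IApplicationBuilder app, IHostingEnvironment env, IAntiforgery antiforgery)
{
    if (env.IsDevelopment())
    {
        // Detailed exception pages disclose stack traces and request data; development only.
        // Note that this branch registers no security headers, HTTPS redirection or HSTS.
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // Add security headers. Registered first so they apply to every later response.
        app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder()
            .AddDefaultSecureHeadersPolicy());

        // Remove headers added by the web server. OnStarting fires just before the response
        // headers are written, i.e. after the server has had the chance to add its own.
        app.Use(async (context, next) =>
        {
            context.Response.OnStarting(() =>
            {
                context.Response.Headers.Remove(ServerHeader.Name);
                return Task.CompletedTask;
            });

            await next();
        });

        // Redirect plain-HTTP requests before anything below (static files, session, MVC) answers them.
        app.UseHttpsRedirection();
        app.UseHsts();
    }

    app.UseStaticFiles();

    // Session
    app.UseSession();

    // Issue the anti-forgery request token as a cookie when the landing page is requested.
    app.Use(async (context, next) =>
    {
        if (context.Request.Path == "/")
        {
            var tokens = antiforgery.GetAndStoreTokens(context);

            context.Response.Cookies.Append("CSRF-TOKEN", tokens.RequestToken, new CookieOptions
            {
                // HttpOnly stays false: presumably client-side script reads the token and echoes
                // it in a request header - confirm against the front end.
                HttpOnly = false,
                // Mark the cookie Secure whenever the request arrived over TLS so the token is
                // never sent back over plain HTTP; plain-HTTP development hosts keep working.
                Secure = context.Request.IsHttps,
                // The token is not needed on cross-site requests, so do not attach it to them.
                SameSite = SameSiteMode.Strict
            });
        }

        await next();
    });

    // Register Swagger.
    // NOTE(review): the document and the UI (with "try it out" enabled) are registered in every
    // environment, production included - confirm that exposing /docs there is intended.
    app.UseOpenApi();
    app.UseSwaggerUi3(settings =>
    {
        settings.Path = "/docs";
        settings.EnableTryItOut = true;
        settings.DocumentPath = "/docs/swagger.json";
        settings.DocExpansion = "Full";
    });

    app.UseMvc();

    // Initialize AutoMapper
    MappingsConfiguration.InitializeAutoMapper();
}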
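// Configures the HTTP request pipeline. Middleware executes in the order it is registered,
// so the sequence of calls below is significant.
//
// app: builder the middleware components are registered on.
// env: hosting environment; selects the developer exception page or HSTS + HTTPS redirection.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Add security headers. Registered first so they apply to every later response,
    // including redirects and static files.
    app.UseSecurityHeadersMiddleware(new SecurityHeadersBuilder()
        .AddDefaultSecureHeadersPolicy());

    // Remove headers added by the web server. OnStarting fires just before the response
    // headers are written, i.e. after the server has had the chance to add its own.
    app.Use(async (context, next) =>
    {
        context.Response.OnStarting(() =>
        {
            context.Response.Headers.Remove(ServerHeader.Name);
            return Task.CompletedTask;
        });

        await next();
    });

    // Transport hardening must be registered BEFORE the static-file middleware: static files
    // short-circuit the pipeline, so anything registered after them never sees those requests.
    // With the previous order, static content was answered over plain HTTP without a redirect
    // and without the HSTS header.
    if (env.IsDevelopment())
    {
        // Detailed exception pages disclose stack traces and request data; development only.
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
        app.UseHttpsRedirection();
    }

    app.UseStaticFiles();

    // Register Swagger.
    // NOTE(review): the document and the UI (with "try it out" enabled) are registered in every
    // environment, production included - confirm that exposing /docs there is intended.
    app.UseOpenApi();
    app.UseSwaggerUi3(settings =>
    {
        settings.Path = "/docs";
        settings.EnableTryItOut = true;
        settings.DocumentPath = "/docs/swagger.json";
        settings.DocExpansion = "Full";
    });

    app.UseMvc();

    // Initialize AutoMapper
    MappingsConfiguration.InitializeAutoMapper();
}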