/// <summary>
 /// Add default headers in accordance with the most secure approach
 /// </summary>
 public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
 {
     // What each helper emits is inferred from its name; the exact header values
     // are defined in the helpers, which are not visible here. Confirm against a
     // captured response.

     // Framing: by name, forbids rendering the response in any frame (clickjacking defence).
     policies.AddFrameOptionsDeny();

     // NOTE(review): by name this turns on the legacy browser XSS filter in block mode.
     // Current browsers have dropped that filter, so this header gives little
     // protection; a Content-Security-Policy is the control that replaces it.
     policies.AddXssProtectionBlock();

     // MIME sniffing: by name, tells the browser to trust the declared Content-Type.
     policies.AddContentTypeOptionsNoSniff();

     // HSTS: the max-age comes from the helper's default, which is not visible here.
     // Browsers only honour this header on responses received over HTTPS.
     policies.AddStrictTransportSecurityMaxAge();

     // Fingerprinting reduction only; presumably strips the Server header.
     // Verify that the hosting server does not add it back.
     policies.RemoveServerHeader();

     // No Content-Security-Policy or Referrer-Policy call appears in this method,
     // so callers that need them must add those policies themselves.
     return policies;
 }
Пример #2
 /// <summary>
 /// Add default headers in accordance with the most secure approach
 /// </summary>
 public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
 {
     // What each helper emits is inferred from its name; the exact header values
     // are defined in the helpers, which are not visible here. Confirm against a
     // captured response.

     // Framing: by name, forbids rendering the response in any frame (clickjacking defence).
     policies.AddFrameOptionsDeny();

     // NOTE(review): by name this turns on the legacy browser XSS filter in block mode.
     // Current browsers have dropped that filter, so this header gives little
     // protection; the CSP below is the modern control, but see the note on its scope.
     policies.AddXssProtectionBlock();

     // MIME sniffing: by name, tells the browser to trust the declared Content-Type.
     policies.AddContentTypeOptionsNoSniff();

     // HSTS: the max-age comes from the helper's default, which is not visible here.
     // Browsers only honour this header on responses received over HTTPS.
     policies.AddStrictTransportSecurityMaxAge();

     // Referrer: by name, cross-origin requests carry only the origin, not the full URL.
     policies.AddReferrerPolicyStrictOriginWhenCrossOrigin();

     // Fingerprinting reduction only; presumably strips the Server header.
     // Verify that the hosting server does not add it back.
     policies.RemoveServerHeader();

     // Content-Security-Policy with three directives only. None of them is
     // default-src or script-src, so this policy does not restrict where scripts
     // load from; an application relying on CSP against XSS must add that itself.
     policies.AddContentSecurityPolicy(csp =>
     {
         csp.AddObjectSrc().None();       // presumably object-src 'none': no plugin content
         csp.AddFormAction().Self();      // presumably form-action 'self': forms post to this origin only
         csp.AddFrameAncestors().None();  // presumably frame-ancestors 'none': CSP counterpart of the frame-options call
     });

     return policies;
 }