AspNetCore.Hosting.ContentSecurityPolicies
1.4.0
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet add package AspNetCore.Hosting.ContentSecurityPolicies --version 1.4.0
NuGet\Install-Package AspNetCore.Hosting.ContentSecurityPolicies -Version 1.4.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="AspNetCore.Hosting.ContentSecurityPolicies" Version="1.4.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AspNetCore.Hosting.ContentSecurityPolicies --version 1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: AspNetCore.Hosting.ContentSecurityPolicies, 1.4.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install AspNetCore.Hosting.ContentSecurityPolicies as a Cake Addin
#addin nuget:?package=AspNetCore.Hosting.ContentSecurityPolicies&version=1.4.0
// Install AspNetCore.Hosting.ContentSecurityPolicies as a Cake Tool
#tool nuget:?package=AspNetCore.Hosting.ContentSecurityPolicies&version=1.4.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
AspNetCore.Hosting.ContentSecurityPolicies
ASP.NET Content Security Middleware
An easy middlware for instituting a Content Security Policy header in the ASP.NET pipeline
Basic use case (includes 'self' for default-src):
app.UseContentSecurityPolicy(policy => policy);
Standard use case:
app.UseContentSecurityPolicy(policy => policy
.WithDefaultSource(ContentSecurityPolicyResources.Self)
.WithImageSource(ContentSecurityPolicyResources.Self,
SchemaResources.Data)
.WithFontSource(ContentSecurityPolicyResources.Self,
ContentSecuritySourceResources.GoogleFonts)
.WithStyleSource(ContentSecurityPolicyResources.Self,
ContentSecuritySourceResources.GoogleFontStyles,
ContentSecuritySourceResources.Cloudflare)
.WithScriptSource(ContentSecurityPolicyResources.Self)
.WithConnectSource(ContentSecurityPolicyResources.Self,
ContentSecuritySourceResources.MicrosoftLogin,
ContentSecuritySourceResources.MicrosoftGraph)
.WithFrameSource(ContentSecurityPolicyResources.None)
.WithFrameAncestors(ContentSecurityPolicyResources.None);
)
Disable default-src 'self':
app.UseContentSecurityPolicy(policy => policy.WithoutDefaultSelf());
Use sandbox:
app.UseContentSecurityPolicy(policy => policy.WithSandBox(SandboxOptions.AllowScripts))
Use route specific policies:
References
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net6.0
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Logging.Abstractions (>= 6.0.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Added routable policies