MadEyeMatt.AspNetCore.SecurityHeaders
6.0.0
dotnet add package MadEyeMatt.AspNetCore.SecurityHeaders --version 6.0.0
NuGet\Install-Package MadEyeMatt.AspNetCore.SecurityHeaders -Version 6.0.0
<PackageReference Include="MadEyeMatt.AspNetCore.SecurityHeaders" Version="6.0.0" />
paket add MadEyeMatt.AspNetCore.SecurityHeaders --version 6.0.0
#r "nuget: MadEyeMatt.AspNetCore.SecurityHeaders, 6.0.0"
// Install MadEyeMatt.AspNetCore.SecurityHeaders as a Cake Addin
#addin nuget:?package=MadEyeMatt.AspNetCore.SecurityHeaders&version=6.0.0
// Install MadEyeMatt.AspNetCore.SecurityHeaders as a Cake Tool
#tool nuget:?package=MadEyeMatt.AspNetCore.SecurityHeaders&version=6.0.0
AspNetCore.SecurityHeaders
A middleware to configure and add security headers to HTTP responses.
Usage
To enable the middleware in your ASP.NET Core app, just call the UseSecurityHeaders extenion
method on the WebApplication instance. This minimal configuration will write the headers with
default values.
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
WebApplication app = builder.Build();
app.UseSecurityHeaders();
app.MapGet("/", () => "Hello World!");
app.Run();
The default configuration produces the following response headers.
Content-Security-Policy: default-src 'none';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
You can configure every header using the AddSecurityHeaders extension method
on the IServiceCollection. If you f.e. don't want to write the X-XSS-Protection
header, just disble it using the options like below.
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
builder.Services.AddSecurityHeaders(options =>
{
options.XssProtection.WriteEnabled = false;
});
WebApplication app = builder.Build();
app.UseSecurityHeaders();
app.MapGet("/", () => "Hello World!");
app.Run();
All header are WriteEnabled = true by default. The Permissions-Policy will
not be written, because the options of this header are defines as opt-in. If no directive
is activated, the header will not be written. Youn can enable directives using the options
like below.
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
builder.Services.AddSecurityHeaders(options =>
{
options.PermissionsPolicy.Accelerometer.Value = AllowListValue.Self;
options.PermissionsPolicy.Accelerometer.WriteEnabled = true;
});
WebApplication app = builder.Build();
app.UseSecurityHeaders();
app.MapGet("/", () => "Hello World!");
app.Run();
This will write the Permissions-Policy in addition to the default header.
Permissions-Policy: accelerometer=(self)
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- JetBrains.Annotations (>= 2022.1.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|