Mits.SecurityHardening.Core
1.0.1
dotnet add package Mits.SecurityHardening.Core --version 1.0.1
NuGet\Install-Package Mits.SecurityHardening.Core -Version 1.0.1
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Mits.SecurityHardening.Core" Version="1.0.1" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Mits.SecurityHardening.Core --version 1.0.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Mits.SecurityHardening.Core, 1.0.1"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Mits.SecurityHardening.Core as a Cake Addin
#addin nuget:?package=Mits.SecurityHardening.Core&version=1.0.1
// Install Mits.SecurityHardening.Core as a Cake Tool
#tool nuget:?package=Mits.SecurityHardening.Core&version=1.0.1
Security Hardening for Microsoft .NET Core, .NET 5/6/7 Web applications.
Automatically adds the following HTTP response headers to the responses of the web application:
- X-Content-Type-Options
- X-Frame-Options
- Referrer-Policy
- X-Permitted-Cross-Domain-Policies
- X-XSS-Protection
- Expect-CT
- Feature-Policy
- Permissions-Policy
- Content-Security-Policy
Removes the following HTTP response headers from the responses of the web application:
- X-Powered-By
- X-AspNetMvc-Version
Example configuration
"AppSecurity": {
  "ReferrerPolicy": "strict-origin-when-cross-origin",
  "ContentTypeOptions": "nosniff",
  "FrameOptions": "DENY",
  "PermittedCrossDomainPolicies": "none",
  "XssProtection": "1; mode=block",
  "CertificateTransparency": "max-age=0, enforce, report-uri=https://example.report-uri.com/r/d/ct/enforce",
  "FeaturePolicy": "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'",
  "PermissionsPolicy": "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()",
  "ContentSecurityPolicy": "default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.some-page.com https://*.tv-page.tv https://*.tools.net ; style-src 'self' 'unsafe-inline' https://*.cloudflare.com; img-src 'self' data: https://*.data-page.net; font-src 'self' data:; connect-src 'self' https://dc.services.visualstudio.com; media-src 'self' data: https://*.data-page.tv; frame-src 'self' https://*.tv-page.tv; frame-ancestors 'self';"
}
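The example policy keeps 'unsafe-inline' and 'unsafe-eval' in script-src and still configures X-XSS-Protection and Expect-CT, which browsers have deprecated. The following audit of an AppSecurity section for those settings is an added example and not part of the package; the function names parse_csp and audit, the finding texts and the shortened sample input are assumptions made here.

```python
import json

# Constructed input: the page's example "AppSecurity" section, reduced to the
# keys this audit reads and with the CSP shortened.
SAMPLE = json.loads("""{"AppSecurity": {
  "XssProtection": "1; mode=block",
  "CertificateTransparency": "max-age=0, enforce, report-uri=https://example.report-uri.com/r/d/ct/enforce",
  "ContentSecurityPolicy": "default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.some-page.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';"
}}""")

# Config keys (names from the page) that emit deprecated or superseded headers.
LEGACY_KEYS = {"XssProtection": "X-XSS-Protection",
               "CertificateTransparency": "Expect-CT",
               "FeaturePolicy": "Feature-Policy"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit(section):
    """Return sorted finding strings for one AppSecurity configuration section."""
    findings = [f"{key} emits legacy header {hdr}"
                for key, hdr in LEGACY_KEYS.items() if key in section]
    csp = parse_csp(section.get("ContentSecurityPolicy", ""))
    # script-src falls back to default-src; base-uri has no fallback.
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None:
        return sorted(findings + ["no script-src or default-src: scripts are unrestricted"])
    scripts = [s.lower() for s in scripts]
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    if "'unsafe-inline'" in scripts and not any(s.startswith(HASH_OR_NONCE) for s in scripts):
        findings.append("script-src 'unsafe-inline': injected inline script will run")
    if "'unsafe-eval'" in scripts:
        findings.append("script-src 'unsafe-eval': eval() and similar sinks stay usable")
    findings += [f"script-src wildcard source {s}" for s in scripts if "*" in s]
    if "base-uri" not in csp:
        findings.append("base-uri missing: <base> can re-point relative script URLs")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE["AppSecurity"])))
```

Run it in CI against the deployed appsettings.json section and fail the build on any finding you have not explicitly accepted.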
How to use it in a .NET Core, .NET 5/6/7 application
public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddSecurityHardening();
    // ...
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...
    // Must be called before (!!) the app.UseEndpoints statements!
    app.UseSecurityHardening();
    // ...
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
- .NETStandard 2.0
  - Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
  - Microsoft.AspNetCore.Http.Features (>= 5.0.17)
  - Microsoft.Extensions.Configuration (>= 6.0.0)
  - Microsoft.Extensions.Logging (>= 6.0.0)
  - Microsoft.Extensions.Options (>= 6.0.0)
  - Microsoft.Extensions.Options.ConfigurationExtensions (>= 6.0.0)
  - Microsoft.Net.Http.Headers (>= 2.1.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.