Comments (1)
Use the BuildWebHost
method from the static WebHost
class in Microsoft.AspNetCore
as an example and starting point.
There will be a static class called SecureHeadersMiddlewareBuider
which contains extension methods for creating and setting up the SecureHeadersMiddlewareConfiguration
object. This will then be passed to the constructor of SecureHeadersMiddleware
on calling the Build
(or similar) extension method.
An example extension method for SecureHeadersMiddlewareBuider
would be UseHsts
which will have the following fingerprint:
public static UseHsts(this SecureHeadersMiddlewareConfiguration middleware, bool IncludeSubDomains, int MaxAge)
This method will set the value of the bool UseHsts
(found in SecureHeadersMiddlewareConfiguration
) to true, create an instance of the HstsConfiguration
with the supplied settings (or defaults if not supplied) and assign it to the HstsConfiguration
object (again, found in SecureHeadersMiddlewareConfiguration
).
The build method will simply call the UseSecureHeadersMiddleware
method (found in SecureHeadersMiddlewareExtensions
) and pass in the value of the SecureHeadersMiddlewareConfiguration
which was set up using the SecureHeadersMiddlewareBuider
class.
from owaspheaders.core.
Related Issues (20)
- Not compatible with .Net Core 2.1
- ReportUri in ExpectCt not optional / hard-coded in default config
- blob:, *, data: are capsulated between quotes HOT 1
- Azure Function support as a binding? HOT 1
- Remove X-XSS-Protection header from defaults HOT 1
- Set-Cookie header is not supported
- "Feature" request: a changelog HOT 2
- Allow configuration for X-Content-Security-Policy
- Unit tests disabled if something is wrong in setup HOT 1
- Custom Content Security Policies not being built correctly HOT 2
- RemovePoweredByHeader does not remove the server header
- Middleware should use OptionsBuilder
- Add Content-Security-Policy-Report-Only only header
- SetCspUris with each of one CspCommandType.Directive and CspCommandType.Uri results in duplicate values in header HOT 2
- Expect-CT is deprecated, consider removing or disabling by default HOT 1
- X-XSS-Protection has been deprecated and can cause issues with modern browsers if present.
- Cross-Origin-Embedder-Policy not supported
- Cross-Origin-Opener-Policy not supported
- Cross-Origin-Resource-Policy not supported HOT 2
- [High Priority] Remove support for .NET Framework
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from owaspheaders.core.