HttpSecurity.AspNet
1.2.0
dotnet add package HttpSecurity.AspNet --version 1.2.0
NuGet\Install-Package HttpSecurity.AspNet -Version 1.2.0
<PackageReference Include="HttpSecurity.AspNet" Version="1.2.0" />
paket add HttpSecurity.AspNet --version 1.2.0
#r "nuget: HttpSecurity.AspNet, 1.2.0"
// Install HttpSecurity.AspNet as a Cake Addin #addin nuget:?package=HttpSecurity.AspNet&version=1.2.0 // Install HttpSecurity.AspNet as a Cake Tool #tool nuget:?package=HttpSecurity.AspNet&version=1.2.0
HttpSecurity.AspNet
Table of Contents
About The Project
This package builds security policies for ASP.NET projects, including both Blazor Server and the server part of a Server Hosted Blazor WebAssembly project.
We would recommend cloning or forking this repo and see how the example Blazor Server project builds its security policies in
Program.cs
.
Background
In general this package allows you to cleanly add a set of security headers to outgoing responses to requests for resources. The best references for both the CSP and miscellaneous security headers is found in the MDN documents starting here. An article specifically addressing ASP.Net Blazor is found here.
Getting Started
ASP.NET
- Add
builder.Services.AddHttpsSecurityHeaders()
in yourProgram.cs
file, specifying the options that you require. - Add
app.UseHttpSecurityHeaders();
withapp.UseCompressedStaticFiles();
inStartup.Configure()
. By default CompressedStaticFiles is configured to allow slightly larger files for some image formats as they can store more pixels per byte, this can be disabled by callingbuilder.CompressedStaticFileOptions.RemoveImageSubstitutionCostRatio()
.
Example
An example can be found in the Example directory.
If you are running with a cloned repository you can remove the comment in _host.cshtml around "link rel='stylesheet' href='https://a.com/a.css'" to cause a security violation.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net8.0
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Options (>= 8.0.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
1.2.0 | 832 | 1/26/2024 | |
1.1.0 | 840 | 6/7/2023 | |
1.0.0 | 891 | 1/19/2023 | |
1.0.0-preview.6 | 442 | 11/3/2022 | |
1.0.0-preview.5 | 231 | 10/24/2022 | |
1.0.0-preview.4 | 385 | 10/1/2022 | |
1.0.0-preview.3 | 173 | 9/30/2022 | |
1.0.0-preview.2 | 202 | 9/29/2022 | |
1.0.0-preview.1 | 170 | 9/27/2022 |