Craig100
12/21/2023, 1:06 PM// Security Additions
app.UseHttpsRedirection();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}else
{
app.UseHsts();
}
app.Use(async (context, next) =>
{
context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
context.Response.Headers.Add("X-Xss-Protection", "1; mode=block");
await next();
});
As we now just have program.cs, what is the new equivalent? The docs give you code snippets but don't tell you where to put them. I guess they assume we're all dotnet 8 C# 12 Ninjas, which I'm not 😉
Any advice appreciated.
Thanks.D_Inventor
12/21/2023, 1:19 PMWebApplication app = builder.Build();
await app.BootUmbracoAsync();
You should be able to paste your snippet behind thereCodeSharePaul
12/21/2023, 1:20 PMcs
using MyProject.Middleware;
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
builder.CreateUmbracoBuilder()
.AddBackOffice()
.AddWebsite()
.AddDeliveryApi()
.AddComposers()
.Build();
WebApplication app = builder.Build();
await app.BootUmbracoAsync();
//here
app.UseMiddleware<SecurityHeadersMiddleware>();
//here
app.UseUmbraco()
.WithMiddleware(u =>
{
u.UseBackOffice();
u.UseWebsite();
})
.WithEndpoints(u =>
{
u.UseInstallerEndpoints();
u.UseBackOfficeEndpoints();
u.UseWebsiteEndpoints();
});
await app.RunAsync();
And this is your class
cs
namespace MyProject.Middleware;
public sealed class SecurityHeadersMiddleware
{
private readonly RequestDelegate _next;
public SecurityHeadersMiddleware(RequestDelegate next)
{
_next = next;
}
public Task Invoke(HttpContext context)
{
context.Response.Headers.Add("referrer-policy", "no-referrer");
return _next(context);
}
}
CodeSharePaul
12/21/2023, 1:20 PMCodeSharePaul
12/21/2023, 5:36 PMCraig100
12/21/2023, 10:20 PMCodeSharePaul
12/22/2023, 8:47 AMCraig100
12/22/2023, 12:42 PM