lsm/OpenAuth.Net
1
0
Fork 0
mirror of https://gitee.com/dotnetchina/OpenAuth.Net.git synced 2025-04-05 17:38:01 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
034632e59b
OpenAuth.Net/OpenAuth.Identity/Quickstart/SecurityHeadersAttribute.cs
yubaolee 9fd0405721 同步openauth.Core: 
采用代码生成器的表结构控制前端显示,删除以前按照dbset获取数据库结构
优化注释
升级EF及所有三方的版本
2021-10-18 00:42:29 +08:00

57 lines
2.8 KiB
C#
Raw Blame History

// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
namespace OpenAuth.IdentityServer.Quickstart
{
public class SecurityHeadersAttribute : ActionFilterAttribute
{
public override void OnResultExecuting(ResultExecutingContext context)
{
var result = context.Result;
if (result is ViewResult)
{
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
// if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Type-Options"))
// {
// context.HttpContext.Response.Headers.Add("X-Content-Type-Options", "nosniff");
// }
//
// // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
// if (!context.HttpContext.Response.Headers.ContainsKey("X-Frame-Options"))
// {
// context.HttpContext.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
// }
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
// var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
// also consider adding upgrade-insecure-requests once you have HTTPS in place for production
//csp += "upgrade-insecure-requests;";
// also an example if you need client images to be displayed from twitter
// csp += "img-src 'self' https://pbs.twimg.com;";
// once for standards compliant browsers
// if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
// {
// context.HttpContext.Response.Headers.Add("Content-Security-Policy", csp);
// }
// // and once again for IE
// if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
// {
// context.HttpContext.Response.Headers.Add("X-Content-Security-Policy", csp);
// }
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
// var referrer_policy = "no-referrer";
// if (!context.HttpContext.Response.Headers.ContainsKey("Referrer-Policy"))
// {
// context.HttpContext.Response.Headers.Add("Referrer-Policy", referrer_policy);
// }
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink