HttpSecurity.AspNet 1.2.0

dotnet add package HttpSecurity.AspNet --version 1.2.0                
NuGet\Install-Package HttpSecurity.AspNet -Version 1.2.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="HttpSecurity.AspNet" Version="1.2.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add HttpSecurity.AspNet --version 1.2.0                
#r "nuget: HttpSecurity.AspNet, 1.2.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install HttpSecurity.AspNet as a Cake Addin
#addin nuget:?package=HttpSecurity.AspNet&version=1.2.0

// Install HttpSecurity.AspNet as a Cake Tool
#tool nuget:?package=HttpSecurity.AspNet&version=1.2.0                

HttpSecurity.AspNet



About The Project

This package builds security policies for ASP.NET projects, including both Blazor Server and the server part of a Server Hosted Blazor WebAssembly project. We recommend cloning or forking this repo to see how the example Blazor Server project builds its security policies in Program.cs.

Background

In general, this package allows you to cleanly add a set of security headers to outgoing responses to requests for resources. The best references for both the CSP and miscellaneous security headers are found in the MDN documents starting here. An article specifically addressing ASP.NET Blazor is found here.

Getting Started

ASP.NET

  • Add builder.Services.AddHttpsSecurityHeaders() in your Program.cs file, specifying the options that you require.
  • Add app.UseHttpSecurityHeaders(); with app.UseCompressedStaticFiles(); in Startup.Configure(). By default, CompressedStaticFiles is configured to allow slightly larger files for some image formats, as they can store more pixels per byte; this can be disabled by calling builder.CompressedStaticFileOptions.RemoveImageSubstitutionCostRatio().

Example

An example can be found in the Example directory.

If you are running with a cloned repository you can remove the comment in _host.cshtml around "link rel='stylesheet' href='https://a.com/a.css'" to cause a security violation.
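
What such response headers look like and why the commented-out stylesheet causes a violation, as an added example in plain ASP.NET Core middleware; it is not this package's API or code from its repository. The policy string, the header values, the /csp-report path and the test page are assumptions made for illustration.

```csharp
// Added illustration: plain ASP.NET Core (net8.0, Microsoft.NET.Sdk.Web with
// implicit usings). This is NOT the HttpSecurity.AspNet API.
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Assumed policy: same-origin resources only, violations reported to us.
const string Csp =
    "default-src 'self'; " +
    "style-src 'self'; " +
    "object-src 'none'; " +
    "base-uri 'self'; " +
    "frame-ancestors 'none'; " +
    "report-uri /csp-report";

app.Use(async (context, next) =>
{
    // Register the headers before the pipeline runs so every response,
    // including error responses, carries them when it starts.
    context.Response.OnStarting(() =>
    {
        var headers = context.Response.Headers;
        headers["Content-Security-Policy"] = Csp;
        headers["X-Content-Type-Options"] = "nosniff";
        headers["Referrer-Policy"] = "no-referrer";
        headers["X-Frame-Options"] = "DENY";
        return Task.CompletedTask;
    });
    await next();
});

// Browsers POST a JSON report here when the policy blocks a resource.
// The body is untrusted input: cap its size and log it as data only.
app.MapPost("/csp-report", async (HttpRequest request, ILogger<Program> log) =>
{
    if (request.ContentLength is > 8192) return Results.StatusCode(413);
    using var reader = new StreamReader(request.Body);
    log.LogWarning("CSP violation report: {Report}", await reader.ReadToEndAsync());
    return Results.NoContent();
});

// Constructed page: /site.css is same-origin and allowed; the a.com
// stylesheet from the README is cross-origin and blocked by style-src.
app.MapGet("/", () => Results.Content(
    "<!doctype html><link rel='stylesheet' href='/site.css'>" +
    "<link rel='stylesheet' href='https://a.com/a.css'><p>hello</p>",
    "text/html"));

app.Run();
```

Loading / in a browser shows the blocked stylesheet in the developer console, and the matching report arrives at /csp-report as a warning in the application log.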

Compatible and additional computed target framework versions

Product: .NET
Versions: net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.