add content security header
Lan Nguyen Thuy committed Mar 28, 2024
1 parent 514a885 commit 4ad7048
Showing 2 changed files with 49 additions and 0 deletions.
48 changes: 48 additions & 0 deletions src/UmbracoProject/Program.cs
@@ -1,3 +1,5 @@
using Joonasw.AspNetCore.SecurityHeaders;

WebApplicationBuilder builder = WebApplication.CreateBuilder(args);

builder.CreateUmbracoBuilder()
Expand Down Expand Up @@ -27,6 +29,52 @@
app.UseHsts();
}

app.Use(async (context, next) =>
{
context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
await next();
});

app.UseCsp(csp =>
{
csp.ByDefaultAllow
.FromSelf()
.From("packages.umbraco.org")
.From("our.umbraco.org");
csp.AllowScripts
.FromSelf()
.From("ajax.googleapis.com")
.From("unpkg.com")
.From("ajax.aspnetcdn.com")
.From("cdnjs.cloudflare.com")
.From("cdn.jsdelivr.net");
csp.AllowStyles
.FromSelf()
.AllowUnsafeInline()
.From("fonts.googleapis.com")
.From("cdn.jsdelivr.net")
.From("cdnjs.cloudflare.com")
.From("cdn.linearicons.com");
csp.AllowImages
.FromSelf()
.From("*.googleapis.com")
.From("via.placeholder.com")
.From("umbraco.com");
csp.AllowFonts
.FromSelf()
.From("cdnjs.cloudflare.com")
.From("fonts.gstatic.com")
.From("cdn.linearicons.com");

csp.AllowFraming.FromSelf();
csp.OnSendingHeader = context =>
{
context.ShouldNotSend = context.HttpContext.Request.Path.StartsWithSegments("/umbraco");
return Task.CompletedTask;
};
});

app.UseUmbraco()
.WithMiddleware(u =>
{
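Review bot: The host allow-list in `csp.AllowScripts` (cdn.jsdelivr.net, unpkg.com, cdnjs.cloudflare.com, ajax.googleapis.com, ajax.aspnetcdn.com) largely neutralises script-src: these CDNs serve arbitrary user-published packages and well-known CSP-bypass gadgets such as old AngularJS builds, so an injection anywhere on the site can still load executable code from an allowed origin. Trim the list to the CDNs the templates actually reference, add Subresource Integrity on those tags, and prefer the library's nonce support (`csp.AllowScripts.AddNonce()`) over host allow-listing; `AllowStyles.AllowUnsafeInline()` is a smaller concession but deserves a comment naming which component needs it. In the `app.Use` lambda, `context.Response.Headers.Add(...)` throws `ArgumentException` if any earlier middleware has already set the same key, whereas the typed setters available on .NET 7+ — `context.Response.Headers.XFrameOptions = "SAMEORIGIN";` and `context.Response.Headers.XContentTypeOptions = "nosniff";` — assign idempotently. Note also that `OnSendingHeader` drops the CSP entirely for every `/umbraco` path, which leaves the backoffice login page with no policy; if the backoffice needs inline scripts, a report-only policy there would be safer than none. The `app.UseUmbraco().WithMiddleware(...)` statement at the end of the hunk continues outside it.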
1 change: 1 addition & 0 deletions src/UmbracoProject/UmbracoProject.csproj
Expand Up @@ -638,6 +638,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="Joonasw.AspNetCore.SecurityHeaders" Version="5.0.0" />
<PackageReference Include="Umbraco.Cloud.Cms.PublicAccess" Version="13.0.0" />
<PackageReference Include="Umbraco.Cloud.Identity.Cms" Version="13.0.0" />
<PackageReference Include="Umbraco.Cloud.StorageProviders.AzureBlob" Version="13.0.1" />
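Review bot: `Version="5.0.0"` on the new `Joonasw.AspNetCore.SecurityHeaders` reference is a NuGet minimum-version range rather than an exact pin, so restore can resolve a newer build if another dependency raises the floor; for a package that writes security headers on every response, an exact pin `Version="[5.0.0]"` together with `<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>` (if the project does not already commit a packages.lock.json) keeps the resolved dependency reproducible and reviewable. This adds a third-party component to the response pipeline, so its source and maintenance status are worth a line in the commit message.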
