-
I am trying to use NWebSec (4.1 or 4.2) with IIS 8.5 running in classic mode. I believe I've followed the installation steps correctly. I have remove the module from the system.webServer section and a…
-
Rumor has it that something's cooking in Redmond. NWebsec should be updated to run on the new frameworks.
-
Currently, `SaveCookieTokenAndHeader` always replaces the `X-Frame-Options` header with its own value, even if a stricter header has already been added to the response headers by another middleware (e…
-
Hello ... Sorry I couldn't check everything about it in details, but I knew that the Server header couldn't be removed since the last upgrade of NWebsec.
I suggest changing the value of the server hea…
-
Please see this sample for chrome: https://googlechrome.github.io/samples/block-modal-dialogs-sandboxed-iframe/
Unfortunately, Chrome will block modal dialogs by default, and the only way to override…
-
Configure HSTS to enforce HTTPS in browsers. See https://www.troyhunt.com/understanding-http-strict-transport/
-
I've published an asp.net core website on my server, and after getting reports of errors, I went to check my logs. There are exception, but they don't have line numbers, so it's hard to figure out wha…
-
Standard: https://w3c.github.io/webappsec/specs/mixedcontent/
Not sure about the browser support.
-
In the SSL module you can configure the whole site to be strictly under SSL and redirect all non-HTTPS requests to their HTTPS counterparts (which is mostly what you'd like to do). This leaves a possi…
-
:yum: