PowershellFrameworkCollective / PSModuleDevelopment

Provides tools that help with module development
MIT License

Add hardening for AzureFunction template #197

Closed jklotzsche-msft closed 5 days ago

jklotzsche-msft commented 4 months ago

Just a suggestion: You could add some hardening to your Azure Function App template. e.g.:

host.json

```json
{
  "version": "2.0",
  "extensions": {
    "http": {
      "routePrefix": "",
      "customHeaders": {
        "Permissions-Policy": "geolocation=()",
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "default-src 'self'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "no-referrer"
      }
    }
  },
  "managedDependency": {
    "Enabled": false
  },
  "extensionBundle": {
    "id": "Microsoft.Azure.Functions.ExtensionBundle",
    "version": "[3.*, 4.0.0)"
  }
}
```

jklotzsche-msft commented 4 months ago

UPDATE: forgot to add the routePrefix and enabled managedDependency. This is the correct version:

```json
{
  "version": "2.0",
  "extensions": {
    "http": {
      "routePrefix": "/api",
      "customHeaders": {
        "Permissions-Policy": "geolocation=()",
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "default-src 'self'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "no-referrer"
      }
    }
  },
  "managedDependency": {
    "enabled": true
  },
  "extensionBundle": {
    "id": "Microsoft.Azure.Functions.ExtensionBundle",
    "version": "[3.*, 4.0.0)"
  }
}
```
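
To check whether an existing Function App's host.json already carries the headers suggested in this issue, a small audit function can compare its `customHeaders` against that list. This is an added example, not part of the issue or of PSModuleDevelopment; `Test-HostJsonHardening` is a hypothetical name and the sample host.json is constructed.

```powershell
# Added example: audit a host.json for the response headers proposed in this issue.
# Test-HostJsonHardening is a hypothetical helper, not a PSModuleDevelopment command.
function Test-HostJsonHardening {
    [CmdletBinding()]
    param ([Parameter(Mandatory)] [string] $Json)

    # Expected values copied from the host.json posted in this issue.
    $expected = [ordered]@{
        'Permissions-Policy'        = 'geolocation=()'
        'X-Frame-Options'           = 'SAMEORIGIN'
        'Content-Security-Policy'   = "default-src 'self'"
        'Strict-Transport-Security' = 'max-age=31536000; includeSubDomains'
        'X-Content-Type-Options'    = 'nosniff'
        'Referrer-Policy'           = 'no-referrer'
    }

    $config = $Json | ConvertFrom-Json
    # extensions.http.customHeaders may be absent; then every header counts as missing.
    $headers = $null
    if ($config.extensions -and $config.extensions.http) {
        $headers = $config.extensions.http.customHeaders
    }

    foreach ($name in $expected.Keys) {
        # Property lookup is case-insensitive, matching HTTP header name semantics.
        $property = if ($headers) { $headers.PSObject.Properties[$name] } else { $null }
        $actual = if ($property) { [string]$property.Value } else { $null }
        $status = if (-not $property) { 'Missing' } elseif ($actual -eq $expected[$name]) { 'OK' } else { 'Differs' }
        [pscustomobject]@{ Header = $name; Status = $status; Expected = $expected[$name]; Actual = $actual }
    }
}

# Constructed sample: a host.json that sets only two headers, one with another value.
$sample = @'
{
  "version": "2.0",
  "extensions": {
    "http": {
      "routePrefix": "api",
      "customHeaders": { "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY" }
    }
  }
}
'@

Test-HostJsonHardening -Json $sample | Format-Table -AutoSize
```

A `Differs` row only means the value is not the one from this issue; it still needs a human decision, since a different value can be equally strict.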