andrewlock NetEscapades.AspNetCore.SecurityHeaders issues

andrewlock / NetEscapades.AspNetCore.SecurityHeaders

Small package to allow adding security headers to ASP.NET Core websites

MIT License

701 stars 73 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Added net9.0 to target frameworks so package works with .NET 9 projects.

#210 brutaldev closed 1 week ago
3
X-Frame-Options on its way out?

#209 SimmeNilsson opened 3 weeks ago
4
Adjust documentation

#208 daze99 closed 1 month ago
1
Update version

#207 andrewlock closed 1 month ago
0
Should target only supported .net versions, ie 8.0 instead of the obsolete unsupported 3.1

#206 madhon closed 1 month ago
4
Fix transient dependencies

#205 trejjam closed 1 month ago
2
Add a more strict default

#204 damienbod closed 1 month ago
7
Remove ambient-light-sensor=() Fix browser warning: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.

#203 damienbod closed 1 month ago
3
Feedback version 1, small changes to default

#202 damienbod closed 1 month ago
4
Override "cache-control: no-cache, no-store"?

#201 brianrutter closed 2 months ago
2
Allow accessing an `IServiceProvider` when configuring a `SecurityHeaderPolicyBuilder`

#200 andrewlock closed 1 month ago
0
1.0.0 preview1 feedback: allow IServiceProvider when defining policies

#199 ArturDorochowicz closed 1 month ago
6
Make nonce generation lazy

#198 andrewlock closed 2 months ago
0
Mark ExpectCTHeader as obsolete

#197 andrewlock closed 2 months ago
0
Version bump

#196 andrewlock closed 2 months ago
0
Add logo

#195 andrewlock closed 2 months ago
0
Security Headers Logo

#194 khalidabuhakmeh closed 2 months ago
2
Build updates

#193 andrewlock closed 2 months ago
0
Full CSP Header only added on first request after app start

#192 wiedikerli closed 2 months ago
0
Mark xss protection obsolete

#191 andrewlock closed 2 months ago
0
Major version bump

#190 andrewlock closed 2 months ago
0
.Net 9 Blazor importmap sha creation

#189 ghidello closed 2 months ago
8
Update readme based on latest

#188 andrewlock closed 2 months ago
0
Mark FeaturePolicy as obsolete

#187 andrewlock closed 2 months ago
0
Remove "document header" functionality in favour of policy selector

#186 andrewlock closed 2 months ago
0
Significant refactor of applying custom policies

#185 andrewlock closed 2 months ago
0
Update defaults again

#184 andrewlock closed 2 months ago
0
Update default policies

#183 andrewlock closed 2 months ago
0
Fix typos in permissions policy documentation

#182 andrewlock closed 2 months ago
0
Bump version

#181 andrewlock closed 2 months ago
0
Fix using obsolete version of action

#180 andrewlock closed 2 months ago
0
Allow adding multiple uris to CSP builder `AddFrameAncestors()`

#179 andrewlock closed 2 months ago
0
Content Security Policy Frame Ancestors builder doesn't allow multiple URIs in single call

#178 JackGilmore closed 2 months ago
3
Adds new Permissions Policies

#177 Registeel closed 2 months ago
6
Update Features to Latest Available

#176 Registeel closed 2 months ago
6
Add Public API tests

#175 andrewlock closed 2 months ago
0
Allow cutsomizing the headers per request

#174 andrewlock closed 2 months ago
0
Endpoint security middleware

#173 andrewlock closed 3 months ago
0
Allow specifying different properties for endpoints

#172 andrewlock closed 3 months ago
0
Bump minimum dep to 3.1

#171 andrewlock closed 3 months ago
0
Add demo of adding hashes for fallback scripts to demo site

#170 andrewlock closed 3 months ago
0
Make adding directives to the CSP idempotent to avoid duplicates

#169 andrewlock closed 3 months ago
0
Remove X-XSS-Protection from default headers

#168 andrewlock closed 3 months ago
0
Drop support for .NET FX, update minimum to .NET Core 2.1

#167 andrewlock closed 3 months ago
0
Update SDK version

#166 andrewlock closed 3 months ago
0
Changed OnResponseStarting method

#165 castilhera closed 2 months ago
1
Adding reporting endpoints for uriports.com

#164 daver77 closed 3 months ago
1
Remove X-XSS-Protection from defaults

#163 EddyCwdry closed 3 months ago
1
Add support for `unsafe-hashes` on `style` attributes, and inline event handlers (fixes #155)

#162 tiesmaster closed 3 months ago
8
Bump version

#161 andrewlock closed 5 months ago
0