Full CSP Header only added on first request after app start

andrewlock / NetEscapades.AspNetCore.SecurityHeaders

Small package to allow adding security headers to ASP.NET Core websites

MIT License

701 stars 73 forks source link

Full CSP Header only added on first request after app start #192

Closed wiedikerli closed 2 months ago

wiedikerli commented 2 months ago

hi, i'm using the example from the readme and the full csp header is only added on the first request after the app is started. The other header value (X-My-Test-Header) is sent on every request. first request after app start first-request subsequent response headers subsequent-request

is this intended?

versions: .net8.0 NetEscapades.AspNetCore.SecurityHeaders: 0.21.0 NetEscapades.AspNetCore.SecurityHeaders.TagHelpers: 0.21.0