aspnet / live.asp.net

Code for live.asp.net, which hosts the ASP.NET Community Stand-up
https://live.asp.net/
MIT License

Configure HSTS #115

Closed DamianEdwards closed 7 years ago

DamianEdwards commented 7 years ago

Configure HSTS to enforce HTTPS in browsers. See https://www.troyhunt.com/understanding-http-strict-transport/

Ky7m commented 7 years ago

What do you think about ways of implementation:

NWebsec also helps with CSP (https://en.wikipedia.org/wiki/Content_Security_Policy)

DamianEdwards commented 7 years ago

I started it in the msbuild-migrate branch already as middleware. It's not working AFAICT when I deploy to Azure so not sure what's wrong yet.

Ky7m commented 7 years ago

https://github.com/aspnet/live.asp.net/commit/fe3504ee056b6657452b120d164259f6fabb4eed#diff-9d101b311b5f600a517cce4d840f680aR30

DamianEdwards commented 7 years ago

Fixed (finally) in 39c48c8cc830ad661fcf3f04024e057159a87755