Open fastbike opened 1 year ago
Good point. I was planning to implement it, but not in this time frame. If you have something ready, I can support with code review.
I'll add it to my todo list. We're using the OWASP ZAP tool - it provides some interesting insights.
I've got something I can post up here in a few days. We're also looking at CSRF so might do it together.
DMVC already has middleware for CORS and general Security Headers.
There is also a set of standards around Content Security Policy (CSP), designed to help detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Is there any plan to develop a middleware plugin? Is anybody interested in collaborating if I were to start work on one?