Consider a new middleware for the simple security headers.

dotnet / AspNetCore.Docs

Documentation for ASP.NET Core

https://docs.microsoft.com/aspnet/core

Creative Commons Attribution 4.0 International

12.64k stars 25.29k forks source link

Consider a new middleware for the simple security headers. #10342

Open blowdart opened 6 years ago

blowdart commented 6 years ago

Inspired by https://github.com/aspnet/templating/issues/497

X-Content-Type
X-Frame-Options
X-XSS-Protection

But not Content-Security-Policy because that's very app dependent to be on by default, and never ever public-key-pins because that's going away because it sucked.

mkArtakMSFT commented 6 years ago

@muratg, I assume this is going to happen as part of 3.0?

muratg commented 6 years ago

@mkArtakMSFT Yup.

@glennc FYI

muratg commented 6 years ago

@blowdart Would you be OK with a doc instead?

blowdart commented 5 years ago

If it's a middlware then it's not a docs issue @mkArtakMSFT. This is a decision for the MVC team to make on how they want to approach it.