AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: Add CSP configuration to use CSPMiddleware and CSP nonce to script tags in several cshtml script

Browse Source
This commit is contained in:
Developer 02
2024-05-14 11:22:07 +02:00
parent 674d753735
commit 87a766a2e8
8 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
EnvelopeGenerator.Web/Program.cs
View File

@@ -16,6 +16,7 @@ using EnvelopeGenerator.Web.Models;
using DigitalData.Core.DTO;
using System.Text.Encodings.Web;
using Ganss.Xss;
using EnvelopeGenerator.Web;
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
logger.Info("Logging initialized!");
@@ -183,15 +184,12 @@ try
}
app.UseHttpsRedirection();
app.UseStaticFiles();
var csp = config["Content-Security-Policy"];
if(csp is not null)
app.Use(async (context, next) =>
{
context.Response.Headers.Add("Content-Security-Policy", csp);
await next();
});
app.UseCSPMiddleware(csp);
app.UseStaticFiles();
app.UseCookiePolicy();