DuendeSoftware
diff --git a/‎BFF/v2/TokenExchange/TokenExchange.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎BFF/v2/TokenExchange/TokenExchange.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎BFF/v3/TokenExchange/TokenExchange.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎BFF/v3/TokenExchange/TokenExchange.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎BFF/v3/docker/ContainerizedIdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎BFF/v3/docker/ContainerizedIdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎BFF/v4/MultiFrontendSSO/MultiFrontendSSO.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 8 deletions b/‎BFF/v4/MultiFrontendSSO/MultiFrontendSSO.IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎IdentityServer/v7/AspNetIdentityPasskeys/IdentityServerAspNetIdentityPasskeys/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 8 deletions b/‎IdentityServer/v7/AspNetIdentityPasskeys/IdentityServerAspNetIdentityPasskeys/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎IdentityServer/v7/Configuration/Permissions/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎IdentityServer/v7/Configuration/Permissions/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎IdentityServer/v7/Configuration/PipelineRegistration/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎IdentityServer/v7/Configuration/PipelineRegistration/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎IdentityServer/v7/Configuration/SimpleDcr/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎IdentityServer/v7/Configuration/SimpleDcr/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎IdentityServer/v7/Configuration/SoftwareStatement/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎IdentityServer/v7/Configuration/SoftwareStatement/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎IdentityServer/v7/Diagnostics/Aspire/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions b/‎IdentityServer/v7/Diagnostics/Aspire/IdentityServer/Pages/SecurityHeadersAttribute.cs‎
Lines changed: 1 addition & 7 deletions
@@ -29,20 +29,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -29,20 +29,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers["Content-Security-Policy"] = csp;
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers["X-Content-Security-Policy"] = csp;
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -30,20 +30,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -31,22 +31,15 @@ public override void OnResultExecuting(ResultExecutingContext context)
             var csp =
                 "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
 
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
-
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
             if (!context.HttpContext.Response.Headers.ContainsKey("Referrer-Policy"))
 
@@ -31,22 +31,15 @@ public override void OnResultExecuting(ResultExecutingContext context)
             var csp =
                 "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
 
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
-
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
             if (!context.HttpContext.Response.Headers.ContainsKey("Referrer-Policy"))
 
@@ -34,20 +34,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -34,20 +34,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -34,20 +34,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -34,20 +34,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";
 
@@ -30,20 +30,14 @@ public override void OnResultExecuting(ResultExecutingContext context)
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
             var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
             // also consider adding upgrade-insecure-requests once you have HTTPS in place for production
-            //csp += "upgrade-insecure-requests;";
+            // csp += "upgrade-insecure-requests;";
             // also an example if you need client images to be displayed from twitter
             // csp += "img-src 'self' https://pbs.twimg.com;";
 
-            // once for standards compliant browsers
             if (!context.HttpContext.Response.Headers.ContainsKey("Content-Security-Policy"))
             {
                 context.HttpContext.Response.Headers.Append("Content-Security-Policy", csp);
             }
-            // and once again for IE
-            if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Security-Policy"))
-            {
-                context.HttpContext.Response.Headers.Append("X-Content-Security-Policy", csp);
-            }
 
             // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
             var referrer_policy = "no-referrer";