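--- a/Auth/LearningHub.Nhs.Auth
+++ b/Auth/LearningHub.Nhs.Auth
@@ -56,6 +56,20 @@
  await next ( ) ;
  } ) ;
 
+ app . Use ( async ( context , next ) =>
+ {
+ // Add security headers
+ context . Response . Headers . Add ( "Strict-Transport-Security" , "max-age=31536000; includeSubDomains; preload" ) ;
+ context . Response . Headers . Add ( "X-Content-Type-Options" , "nosniff" ) ;
+ context . Response . Headers . Add ( "X-XSS-Protection" , "1; mode=block" ) ;
+ context . Response . Headers . Add ( "X-Frame-Options" , "DENY" ) ;
+ context . Response . Headers . Add ( "Content-Security-Policy" , "default-src 'self'; script-src 'self'; object-src 'none';" ) ;
+ context . Response . Headers . Add ( "Referrer-Policy" , "no-referrer-when-downgrade" ) ;
+ context . Response . Headers . Add ( "Feature-Policy" , "geolocation 'self'; microphone 'none'; camera 'none'" ) ;
+
+ await next ( ) ;
+ } ) ;
+
 if ( app . Environment . IsDevelopment ( ) )
 {
  app . UseDeveloperExceptionPage ( ) ;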
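Review bot: The seven `context.Response.Headers.Add(...)` calls on new lines 62–68 throw an `ArgumentException` if the header is already present on the response (for example set by a proxy layer, `UseHsts`, or another middleware), so a hardening change can turn into a 500 on the auth service; assigning through the indexer overwrites instead. The middleware is registered before the `IsDevelopment()` check, so `Strict-Transport-Security` with `preload` is also sent from development hosts, where a browser will then pin HTTPS for a year. `X-XSS-Protection: 1; mode=block` is deprecated (current guidance is to send `0` or omit it and rely on the CSP), and `Feature-Policy` has been superseded by `Permissions-Policy`, so those two lines add little protection as written. Separately, `no-referrer-when-downgrade` still sends full URLs to other HTTPS origins, which is worth reconsidering on an auth endpoint if its URLs can carry return URLs or codes. The `if (app.Environment.IsDevelopment())` block continues outside the hunk.

```csharp
app.Use(async (context, next) =>
{
    var headers = context.Response.Headers;

    // HSTS only outside development, so local hosts are not pinned to HTTPS.
    if (!app.Environment.IsDevelopment())
    {
        headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload";
    }

    headers["X-Content-Type-Options"] = "nosniff";
    headers["X-XSS-Protection"] = "0";
    headers["X-Frame-Options"] = "DENY";
    headers["Content-Security-Policy"] = "default-src 'self'; script-src 'self'; object-src 'none';";
    headers["Referrer-Policy"] = "no-referrer-when-downgrade";
    headers["Permissions-Policy"] = "geolocation=(self), microphone=(), camera=()";

    await next();
});
```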