CSP - code added

Swapnamol · Swapnamol · commit 7c407a1255ba · 2025-03-19T17:55:34.000Z
diff --git a/WebAPI/LearningHub.Nhs.API/Program.cs b/WebAPI/LearningHub.Nhs.API/Program.cs
@@ -38,16 +38,16 @@
 
     app.UseMiddleware<ExceptionMiddleware>();
 
-    ////app.Use(async (context, next) =>
-    ////{
-    ////    ////context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");
-    ////    context.Response.Headers.Add("Referrer-Policy", "no-referrer");
-    ////    context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
-    ////    context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
-    ////    context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
-    ////    context.Response.Headers.Add("X-XSS-protection", "0");
-    ////    await next();
-    ////});
+    app.Use(async (context, next) =>
+    {
+        context.Response.Headers.Add("content-security-policy", "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';");
+        context.Response.Headers.Add("Referrer-Policy", "no-referrer");
+        context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+        context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+        context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
+        context.Response.Headers.Add("X-XSS-protection", "0");
+        await next();
+    });
 
     app.UseEndpoints(endpoints => endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}"));
 
