Skip to content

v1.2.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Sep 16:01
· 11 commits to main since this release
v1.2.0
5dcaedb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Changes in 1.2.0:

Features:

  • Add support for child-src to Content-Security-Policy #259
  • Allow multiple calls to AddSecurityHeadersPolicies() for registering named polices #250

Fixes:

Changes in 1.1.0

Features:

  • Add AddRange() to SourceCollection #240, #242 (Thanks @rankobp)
  • Improve CSP documentation #241 (Thanks @Meir017)
  • Add X-Frame-Options ALLOW-FROM with correct method name AddFrameOptionsAllowFrom() #244

Changes in 1.0.0

This marks the first major release of the NetEscapades.AspNetCore.SecurityHeaders. For simplicity, all the changes since 0.24.0 are included below.

Breaking Changes:

  • Drop support for .NET Standard 2.0, raises minimum framework to .NET Core 3.1 #167, #171
  • Removed "document header" functionality, in favour of always adding all headers #186
  • Remove X-XSS-Protection from default headers and mark obsolete #168
  • Add cross-origin-opener-policy: same-origin to default headers #184
  • Mark Feature-Policy as obsolete #187
  • Mark Expect-CT as obsolete #197
  • Make nonce generation lazy on call to HttpContext.GetNonce() #198
  • Remove ambient-light-sensor=() from DefaultSecureDirectives() for permissions policy #203 (Thanks damienbod!)
  • Update COOP, COEP, and CORP for AddDefaultSecurityHeaders() and AddDefaultApiSecurityHeaders() #204 (Thanks damienbod!)
  • Removes obsolete APIs (#217)

Features:

  • Allow configuring "named" policies, and applying different policies to different endpoints #172, #173, #185
  • Allow customizing the HeaderPolicyCollection just before it is applied, customizing per request #174, #185
  • Make adding directives to Content-Security-Policy idempotent to avoid duplicates #169
  • Add AddDefaultApiSecurityHeaders() for adding default headers to APIs #183, #184
  • Add AddPermissionsPolicyWithRecommendedDirectives() and PermissionsPolicyBuilder.AddDefaultSecureDirectives() for adding secure Permissions-Policy directives in bulk #183, #184
  • NetEscapades.AspNetCore.SecurityHeaders now has an icon, thanks @khalidabuhakmeh! #195
  • Allow accessing an IServiceProvider when configuring a SecurityHeaderPolicyBuilder #200
  • Adds support for Trusted Types to Content-Security-Policy (#216, #218)

Build updates:

  • Allow building from forks #232
  • Fix release generation #231, #235, #236
  • Fix recording test results #221
  • Define version in the build project instead #223
  • Generate SBOM #222
  • Generate SBOM attestation #224
  • Generate artifact provenance attestation #225
  • Automatically create releases #229

Changes from 1.0.0-preview.4 to 1.0.0:

All NuGet packages are available on https://www.nuget.org. You can view the build provenance attestation
for the NuGet packages here.

The Software Bill of Materials (SBOM) is available for each package in CycloneDX format. View the provenance
attestations for the SBOMs here:

Note

You cannot assert the provenance of the .nupkg packages downloaded from nuget.org directly. First, you
must remove the .signature.p7s file, as described here.

Contributors

khalidabuhakmeh
Assets 4
Loading