agilenut

Sure, here's an example: https://stackoverflow.com/questions/35047563/how-to-intercept-response-in-asp-net-5-after-all-other-middlewares

FYI, I just did a quick test with this and it seemed to work ``` public class ContentSecurityPolicyMiddleware { private const string CspHeaderName = "Content-Security-Policy"; private const string CspReportOnlyHeaderName =...

Understood. Thank you for looking at it. I took a bit of time today to play around with it. I was able to get something similar to this working in...

Fingers crossed this gets fixed. Right now, I have to create an extra operation filter in every API I create.

> One reason we use [Produces("application/json"] is because we want our swagger documentation to show application/json for our normal content. Same here. We need to be able to use both...

I know this sounds silly but this was actually my most anticipated "feature" of .Net 7.

FYI - I think the change proposed here allows you to check the content-type of the response in the OnSendingHeader callback. https://github.com/juunas11/aspnetcore-security-headers/issues/39

Yes. Please use Microsoft.Extensions.Logging so that you are consistent with all other modern .net libs and provide the flexibility for the consumer to choose their logging implementation of choice.

> A simple strategy is this: > > introduce some very simple log base class > have a default console logger that implements the base class > have a logging...

@bhollis - I'm using the latest version of Edge on Windows 10. I installed JSONView from Microsoft Edge Add-ons Marketplace. I highlight the entire JSON text in the browser using...