azure-functions-host icon indicating copy to clipboard operation
azure-functions-host copied to clipboard
verified publisher icon Azure

Add Response Headers to default Azure Function 4.0 UI Page

Open bossbast1 opened this issue 8 months ago • 2 comments

Description

Hello,

can you please add option to add security Headers:

X-Content-Type-Options: This HTTP header will prevent the browser from interpreting files as a different MIME type to what is specified in the Content-Type HTTP header.

Strict-Transport-Security: The HTTP Strict-Transport-Security response header (HSTS) allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.

to the default UI page of Function app worker

Internal scans are reporting it, and I was not able to find any way how to add response headers myself.

Thank you

Image

bossbast1 avatar May 07 '25 12:05 bossbast1

That is the homepage of functions runtime. Transferring it to the appropriate repo.

kshyju avatar May 28 '25 19:05 kshyju

Hi, sorry to bother again — just checking in on the status of this ticket. Our security team is asking for regular updates. Thanks for your time!

bossbast1 avatar Sep 30 '25 14:09 bossbast1