GenHTTP

Add support for Content Security Policy

Open Kaliumhexacyanoferrat opened this issue 5 years ago • 0 comments

As the hoster of a web application, I want to be able to define a Content Security Policy (CSP), so that several protection mechanisms can be applied. Note: This is implemented instead of X-XSS-Protection.

Example

The CSP can be sent using an additional extension for this purpose, with a sane default to be applied.

var policy = ContentSecurityPolicy.Create()
                                  .BaseUri(...)
                                  .Source(ContentSource.Script, ...)
                                  .BlockMixed(true);

var server = Server.Create.Security(policy);

Acceptance criteria

  • The functionality is implemented in the security module
  • If a policy is defined, it will be sent to the client with every response
  • If no custom policy is set, a sane default will be applied automatically
  • If policy is set to ContentSecurityPolicy.None(), the extension will not be registered and no header will be sent

Kaliumhexacyanoferrat, Apr 05 '19 08:04
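
A minimal sketch of how the fluent calls proposed above could map to a `Content-Security-Policy` header value, covering the custom, default and `None()` cases from the acceptance criteria. This is an added example, not GenHTTP code: the builder internals, `Default()`, `ToHeaderValue()`, the `Demo` class, the chosen default directives and the `https://cdn.example` source are assumptions.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

public enum ContentSource { Default, Script, Style }

// Hypothetical builder: names mirror the proposal in the issue, not a shipped GenHTTP API.
public sealed class ContentSecurityPolicy
{
    private readonly SortedDictionary<string, List<string>> _directives = new();
    private bool _blockMixed, _disabled;

    public static ContentSecurityPolicy Create() => new();
    public static ContentSecurityPolicy None() => new() { _disabled = true };
    // Assumed "sane default": same origin only, no plugins, base URI pinned.
    public static ContentSecurityPolicy Default() => Create()
        .Source(ContentSource.Default, "'self'").Add("object-src", "'none'").BaseUri("'self'");

    public ContentSecurityPolicy BaseUri(params string[] uris) => Add("base-uri", uris);
    public ContentSecurityPolicy Source(ContentSource type, params string[] sources)
        => Add(type.ToString().ToLowerInvariant() + "-src", sources);
    public ContentSecurityPolicy BlockMixed(bool block) { _blockMixed = block; return this; }

    // Returns null for None(): the caller then sends no header at all.
    public string? ToHeaderValue()
    {
        if (_disabled) return null;
        var parts = _directives.Select(d => d.Key + " " + string.Join(" ", d.Value)).ToList();
        if (_blockMixed) parts.Add("block-all-mixed-content");
        return string.Join("; ", parts);
    }

    private ContentSecurityPolicy Add(string directive, params string[] values)
    {
        // Reject separators and control characters so a source value cannot smuggle in extra directives.
        if (values.Any(v => v.Any(c => c == ';' || c == ',' || char.IsControl(c))))
            throw new ArgumentException("invalid character in source expression");
        if (!_directives.TryGetValue(directive, out var list)) _directives[directive] = list = new List<string>();
        list.AddRange(values);
        return this;
    }
}

public static class Demo
{
    public static void Main()
    {
        var custom = ContentSecurityPolicy.Create().BaseUri("'self'")
            .Source(ContentSource.Script, "'self'", "https://cdn.example").BlockMixed(true);
        foreach (var p in new[] { custom, ContentSecurityPolicy.Default(), ContentSecurityPolicy.None() })
            Console.WriteLine(p.ToHeaderValue() ?? "(no header sent)");
    }
}
```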