mirror of
https://github.com/bitwarden/server
* Upgrade to .NET 8 * Linting * Clean up old JSON deserialization code * More .NET 8-oriented linting * Light feedback * Get rid of old test we don't know the root issue for * Fix a new test * Remove now-unnecessary Renovate constraint * Use Any() * Somehow a 6.0 tooling config we don't need snuck back in * Space out properties that always change per release * Bump a few core packages since the last update
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
namespace Bit.Core.Utilities;
/// <summary>
/// ASP.NET Core middleware that appends three fixed browser-hardening headers to the
/// response of every request passing through it, then invokes the next pipeline component.
/// </summary>
/// <remarks>
/// The headers are appended unconditionally and with constant values. No
/// Content-Security-Policy header is written by this class; whether one is added
/// elsewhere in the pipeline cannot be determined from this file.
/// </remarks>
public sealed class SecurityHeadersMiddleware
{
    private readonly RequestDelegate _next;

    /// <summary>Stores the next component of the request pipeline.</summary>
    /// <param name="next">Delegate invoked once the headers have been appended.</param>
    public SecurityHeadersMiddleware(RequestDelegate next) => _next = next;

    /// <summary>
    /// Appends the security headers to <paramref name="context"/>'s response and
    /// forwards the request to the next component.
    /// </summary>
    /// <param name="context">The current HTTP request/response pair.</param>
    /// <returns>The task returned by the next component in the pipeline.</returns>
    public Task Invoke(HttpContext context)
    {
        // The headers are written before the next component runs: response headers
        // can no longer be modified once the response has started.
        //
        // NOTE(review): Append adds to any value already present rather than replacing
        // it, so a component that also sets one of these headers would produce
        // duplicate values - verify against the rest of the pipeline.
        var responseHeaders = context.Response.Headers;

        // Clickjacking defence: only same-origin pages may frame the response.
        // CSP "frame-ancestors" is the standards-track counterpart of this header.
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        responseHeaders.Append("x-frame-options", new StringValues("SAMEORIGIN"));

        // Legacy, non-standard header that drove the reflected-XSS filter of older
        // browsers; current browsers ignore it, so it is not a substitute for output
        // encoding or a Content-Security-Policy.
        // NOTE(review): current hardening guidance (e.g. OWASP) is to send "0" or omit
        // this header - confirm whether "1; mode=block" is still wanted.
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
        responseHeaders.Append("x-xss-protection", new StringValues("1; mode=block"));

        // Tells the browser to honour the declared Content-Type instead of MIME-sniffing.
        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
        responseHeaders.Append("x-content-type-options", new StringValues("nosniff"));

        return _next(context);
    }
}