You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| 9 | Removed support for both .NET 6 and .NET 7 as these are no longer supported by Microsoft. It also adds support for .NET 9. <br /> A number of small optimisation have been made to the middleware's `Invoke` method <br /> Added support for both Cross-Origin-Opener-Policy (CORP) and Cross-Origin-Embedder-Policy (COEP) headers <br/> Increased documentation coverage for Content-Security-Policy directive generation |
14
+
| 9 | Removed support for both .NET 6 and .NET 7 as these are no longer supported by Microsoft. It also adds support for .NET 9. <br /> A number of small optimisation have been made to the middleware's `Invoke` method <br /> Added support for both Cross-Origin-Opener-Policy (CORP) and Cross-Origin-Embedder-Policy (COEP) headers <br /> Added support for Clear-Site-Data header with path-specific configuration for logout scenarios <br/> Increased documentation coverage for Content-Security-Policy directive generation |
15
15
| 8 | Removed support for ASP .NET Core on .NET Framework workflows; example and test projects now have OwaspHeaders.Core prefix, re-architected some of the test classes |
16
16
| 7 | Added Cross-Origin-Resource-Policy header to list of defaults; simplified the use of the middleware in Composite Root/Program.cs |
17
17
| 6 | Removes Expect-CT Header from the list of default headers |
@@ -27,6 +27,23 @@ This version dropped support for .NET 6 and .NET 7, as they are no longer suppor
27
27
28
28
All projects in the [GitHub repo](https://github.com/GaProgMan/OwaspHeaders.Core) now build and run with either .NET 8 or .NET 9, whichever is present (deferring to the highest version number if both are present). As of November 19th, 2024 there are no new features in Version 9, so if you still need to use the NuGet package with .NET 6 or 7 please use Version 8 of the package.
29
29
30
+
#### Version 9.9.x
31
+
32
+
This version adds support for the Clear-Site-Data HTTP header, addressing issue #32 and implementing the OWASP Secure Headers Project recommendation. The Clear-Site-Data header instructs browsers to clear client-side data (cache, cookies, storage) for specific paths, which is particularly important for logout endpoints to ensure complete session termination and prevent session hijacking.
33
+
34
+
**New Features:**
35
+
36
+
- Clear-Site-Data header support with path-specific configuration
- Support for all standard directives: "cache", "cookies", "storage", "executionContexts", and wildcard "*"
39
+
- Enum-based type safety with `ClearSiteDataOptions`
40
+
- Path-specific customization of which data types to clear
41
+
- Integration with existing middleware builder pattern
42
+
- Comprehensive documentation and examples for logout scenarios
43
+
- Full backward compatibility with existing configurations
44
+
45
+
See the [Clear-Site-Data documentation](https://gaprogman.github.io/OwaspHeaders.Core/configuration/Clear-Site-Data/) for detailed configuration options and examples.
46
+
30
47
#### Version 9.8.x
31
48
32
49
This version introduces comprehensive logging support via the `ILogger<SecureHeadersMiddleware>` interface, following Andrew Lock's high-performance logging best practices. The logging functionality provides visibility into middleware operations, helping developers troubleshoot configuration issues and monitor security header application.
0 commit comments