-
Notifications
You must be signed in to change notification settings - Fork 0
Recommended configuration for ASP.NET Core
Marthijn van den Heuvel edited this page Mar 18, 2026
·
4 revisions
In Program.cs:
using Sidio.Web.Security.AspNetCore;
using Sidio.Web.Security.AspNetCore.ContentSecurityPolicy;
// ...
// ### service configuration:
builder
.Services
.AddContentSecurityPolicy();
// ----------
// ### policy configuration:
// secure cookie policy
app.UseSecureCookiePolicy();
// ### middleware configuration:
// Microsoft middleware
app.UseHttpsRedirection();
// csp
app.UseContentSecurityPolicy(
(services, b) =>
{
b.AddDefaultSrc(x => x.AllowSelf());
b.AddScriptSrc(x => x.AllowStrictDynamic().AddNonce(services));
b.AddStyleSrc(x => x.AddNonce(services));
b.SetFrameAncestors(x => x.AllowNone());
b.UpgradeInsecureRequests();
});
// x-frame-options
app.UseXFrameOptions();
// x-content-type-options
app.UseXContentTypeOptions();
// hsts
app.UseStrictTransportSecurity();
// referrer-policy
app.UseReferrerPolicy();Parts of this wiki may come from, or be based on, the MDN Web Doc's. Documentation by Mozilla Contributors is licensed under CC-BY-SA 2.5 or any later version.