nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 08:02:49 -05:00
Code Activity

Added middleware for general security headers (#1700)

Browse Source
This commit is contained in:
Kyle Spearrin
2021-11-09 11:37:14 -05:00
committed by GitHub
parent f26a235964
commit 327e784336
10 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/Core/Utilities/SecurityHeadersMiddleware.cs Normal file
View File

@ -0,0 +1,30 @@
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
namespace Bit.Core.Utilities
{
public sealed class SecurityHeadersMiddleware
{
private readonly RequestDelegate _next;
public SecurityHeadersMiddleware(RequestDelegate next)
{
_next = next;
}
public Task Invoke(HttpContext context)
{
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
context.Response.Headers.Add("x-frame-options", new StringValues("SAMEORIGIN"));
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
context.Response.Headers.Add("x-xss-protection", new StringValues("1; mode=block"));
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
context.Response.Headers.Add("x-content-type-options", new StringValues("nosniff"));
return _next(context);
}
}
}