
Content Security Policy (CSP)

  • Allow content loading only from specified domains
Directive (in the Content-Security-Policy HTTP header) Loading
script-src JavaScript
style-src CSS-Files
img-src Images
media-src Audio/Video
frame-src Frames
font-src Fonts
default-src All (fallback for the *-src directives above when they are not set explicitly)
Startup.cs
/// <summary>
/// Adds the CSP middleware to the request pipeline: first the policy built in the
/// <c>UseCsp</c> callback, then a call to <c>UseCspReportOnly</c>.
/// </summary>
/// <param name="app">Application pipeline the CSP middleware is registered on.</param>
/// <param name="loggerFactory">Not used in the body shown here.</param>
public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
{
    app.UseCsp(options => options
        // default-src: only the current server (Self) may serve resources;
        // this is the fallback for every *-src directive not set below
        .DefaultSources(s => s.Self()) 
        // style-src: stylesheets from the current server and the Bootstrap CDN host.
        // Setting style-src replaces the default for styles, so Self() is repeated here.
        // Allow-listing a host permits any stylesheet served from it, not just Bootstrap.
        .StyleSources(s => s.Self().CustomSources("maxcdn.bootstrapcdn.com")) 
        // URI the browser posts CSP violation reports to.
        // NOTE(review): the handler for "/report" is not shown here; reports are
        // client-supplied input, so confirm it validates and rate-limits them.
        .ReportUris(r => r.Uris("/report"))
    );

    // Report-only mode makes the browser report violations without blocking them.
    // NOTE(review): no policy is configured on this call, so confirm what report-only
    // policy, if any, is sent; the policy above is passed to UseCsp only.
    app.UseCspReportOnly();
}
