| MovGP0 | Über mich | Hilfen | Artikel | Weblinks | Literatur | Zitate | Notizen | Programmierung | MSCert | Physik |
|
|
Content Security Policy (CSP)
Bearbeiten- Allow content loading only from specified domains
| Http-Header | Loading |
|---|---|
| script-src | JavaScript |
| style-src | CSS-Files |
| img-src | Images |
| media-src | Audio/Video |
| frame-src | Frames |
| font-src | Fonts |
| default-src | All |
- Startup.cs
public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
{
app.UseCsp(options => options
// only allow to load resources from current server
.DefaultSources(s => s.Self())
// allow to load styles from current server and bootstrap
.StyleSources(s => s.Self().CustomSources("maxcdn.bootstrapcdn.com"))
.ReportUris(r => r.Uris("/report")) // uri to report CSP violations
);
app.UseCspReportOnly();
}
Quellen
Bearbeiten- Joonas Westlin: Content Security Policy (CSP) in ASP.NET Core. 1. Februar 2017, abgerufen am 12. Mai 2017 (englisch).
|}