Benutzer:MovGP0/ASP.NET Core/CSP
Content Security Policy (CSP)
- Allow content loading only from specified domains
Directive (in the Content-Security-Policy HTTP header) | Loading
script-src | JavaScript
style-src | CSS files
img-src | Images
media-src | Audio/Video
frame-src | Frames
font-src | Fonts
default-src | All (fallback when a more specific directive is not set)
- Startup.cs
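using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Logging;

public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
{
    app.UseCsp(options => options
        // only allow resources to be loaded from the current server
        .DefaultSources(s => s.Self())
        // allow styles to be loaded from the current server and the Bootstrap CDN
        .StyleSources(s => s.Self().CustomSources("maxcdn.bootstrapcdn.com"))
        .ReportUris(r => r.Uris("/report")) // URI that receives CSP violation reports
    );
    // UseCspReportOnly needs its own policy. Assuming the NWebsec middleware, it sends
    // Content-Security-Policy-Report-Only: violations are reported but not blocked.
    app.UseCspReportOnly(options => options
        .DefaultSources(s => s.Self())
        .ReportUris(r => r.Uris("/report"))
    );
}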
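The policy above sends violation reports to /report, but the page does not show that endpoint. A minimal receiver follows as an added example that is not part of the original page; the class and method names are hypothetical, the size cap is an assumed value, and it assumes ASP.NET Core 3.0 or later for System.Text.Json.

```csharp
using System;
using System.Text.Json;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

public static class CspReportEndpoint // hypothetical helper, not a library type
{
    private const long MaxReportBytes = 16 * 1024; // assumed cap; real reports are small

    // Call app.UseCspReportEndpoint(loggerFactory) in Configure
    public static void UseCspReportEndpoint(this IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        var log = loggerFactory.CreateLogger("CspReport");
        app.Map("/report", branch => branch.Run(async ctx =>
        {
            var type = ctx.Request.ContentType ?? "";
            // Browsers POST reports as application/csp-report. A missing Content-Length
            // compares as "not <=", so unbounded bodies are rejected too.
            if (!HttpMethods.IsPost(ctx.Request.Method) ||
                !type.StartsWith("application/csp-report", StringComparison.OrdinalIgnoreCase) ||
                !(ctx.Request.ContentLength <= MaxReportBytes))
            {
                ctx.Response.StatusCode = StatusCodes.Status400BadRequest;
                return;
            }
            try
            {
                using var doc = await JsonDocument.ParseAsync(ctx.Request.Body);
                if (doc.RootElement.ValueKind != JsonValueKind.Object ||
                    !doc.RootElement.TryGetProperty("csp-report", out var report) ||
                    report.ValueKind != JsonValueKind.Object)
                {
                    ctx.Response.StatusCode = StatusCodes.Status400BadRequest;
                    return;
                }
                // Anyone can POST here: treat every field as untrusted, log as structured values
                log.LogWarning("CSP violation: {Directive} blocked {Blocked} on {Document}",
                    Field(report, "violated-directive"), Field(report, "blocked-uri"),
                    Field(report, "document-uri"));
                ctx.Response.StatusCode = StatusCodes.Status204NoContent;
            }
            catch (JsonException) { ctx.Response.StatusCode = StatusCodes.Status400BadRequest; }
        }));
    }

    // Returns the named string field, or "" when it is absent or not a string
    private static string Field(JsonElement e, string name) =>
        e.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : "";
}
```

The endpoint is unauthenticated by design, so rate-limit it upstream and never render the logged fields without encoding.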