using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
namespace webhintMvcCoreArticle
{
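public class Startup
{
    /// <summary>
    /// Stores the host-supplied configuration for use while building the pipeline.
    /// </summary>
    /// <param name="configuration">Application configuration supplied by the ASP.NET Core host.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>Application configuration supplied by the host.</summary>
    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // HSTS is registered once, with an explicit max-age, in RemoveAndSetSecurityRelatedHeaders.
            // The framework's UseHsts() (30-day default) would add a second middleware writing the
            // same Strict-Transport-Security header, so it is intentionally not called here.
        }

        this.RemoveAndSetSecurityRelatedHeaders(app);
        app.UseHttpsRedirection();
        app.UseStaticFiles(new StaticFileOptions
        {
            // Ensures static text responses carry an explicit charset.
            OnPrepareResponse = ctx =>
            {
                var request = ctx.Context.Request;
                var headers = ctx.Context.Response.Headers;

                if (!request.Path.HasValue)
                {
                    return;
                }

                var path = request.Path.Value;

                // Match on the trailing extension with an ordinal, case-insensitive comparison.
                // The previous ToLower().Contains(".js") also matched ".json"/".jsx" files (which
                // were then served as text/javascript) and used culture-sensitive lowercasing on a URL.
                if (path.EndsWith(".ico", StringComparison.OrdinalIgnoreCase))
                {
                    // don't change for .ico files
                    return;
                }

                if (path.EndsWith(".js", StringComparison.OrdinalIgnoreCase))
                {
                    headers["Content-Type"] = "text/javascript; charset=utf-8";
                    return;
                }

                if (!headers.TryGetValue("Content-Type", out var contentType))
                {
                    // No media type was resolved for this file, so there is nothing to attach a
                    // charset to; a bare "charset=utf-8" Content-Type is not a valid header value.
                    return;
                }

                var current = contentType.ToString();

                // Append the charset only when one is not already present; unconditionally
                // appending produced values like "text/html; charset=utf-8; charset=utf-8".
                if (current.IndexOf("charset=", StringComparison.OrdinalIgnoreCase) < 0)
                {
                    headers["Content-Type"] = current + "; charset=utf-8";
                }
            }
        });
        app.UseCookiePolicy();
        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }

    /// <summary>
    /// Registers the NWebsec response-header middleware (HSTS, X-Content-Type-Options,
    /// Referrer-Policy, X-XSS-Protection, X-Frame-Options and CSP).
    /// </summary>
    /// <param name="app">The application pipeline to register the middleware on.</param>
    private void RemoveAndSetSecurityRelatedHeaders(IApplicationBuilder app)
    {
        // Registered before static files to always set header
        // 'strict-transport-security' header 'max-age' value should be more than 10886400
        app.UseHsts(options => options.MaxAge(days: 180).IncludeSubdomains());
        app.UseXContentTypeOptions();
        app.UseReferrerPolicy(opts => opts.NoReferrer());
        app.UseXXssProtection(options => options.EnabledWithBlockMode());
        app.UseXfo(options => options.Deny());
        // NOTE(review): no default-src is declared, so directives not listed here (connect-src,
        // object-src, media-src, frame-src, ...) fall back to allowing any origin. Adding
        // DefaultSources(s => s.Self()) would tighten this but may break existing resources — confirm.
        app.UseCsp(opts => opts
            .BlockAllMixedContent()
            // 'self' and 'unsafe-inline' configured in one call rather than two StyleSources() calls.
            .StyleSources(s => s.Self().UnsafeInline())
            .FontSources(s => s.Self())
            .FormActions(s => s.Self())
            .FrameAncestors(s => s.Self())
            .ImageSources(s => s.Self())
            .ScriptSources(s => s.Self())
        );
    }
}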
}