NetEscapades.AspNetCore.SecurityHeaders 0.9.0

Middleware for ASP.NET Core to automatically add security headers to requests.

Install-Package NetEscapades.AspNetCore.SecurityHeaders -Version 0.9.0
dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 0.9.0
<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.9.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add NetEscapades.AspNetCore.SecurityHeaders --version 0.9.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Release Notes

Features:

* Add support for Nonce generation for Content-Security-Policy headers. See README.md for details
* Add TagHelpers library for adding nonces and generating hashes for Razor elements (https://www.nuget.org/packages/NetEscapades.AspNetCore.SecurityHeaders.TagHelpers/)
* Allow using HSTS preload with Strict-Transport-Security
* Allow excluding domains from Strict-Transport-Security. Similar to the Microsoft HstsMiddlewareyou can skip applying Strict-Transport-Security to specific hosts

Breaking Changes:

* All obsolete classes have been removed.
* Many classes have changed namespace to better reflect their location in the project, and also to aid discovery. If you're using the recommended builders and extension methods, you should not have any build-time breaking changes, but the package is not runtime-compatible with previous versions
* The Strict-Transport-Security header is no longer applied to localhost by default. Generally speaking, this isn't something you should do anyway.
* The CSP classes have undergone significant refactoring to allow dynamic values per-request (i.e. nonces). This doesn't affect the main public API, but will impact you if you're working with the low-level infrastructure classes.


See https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders/blob/master/CHANGELOG.md#v090 for more details.

Showing the top 3 GitHub repositories that depend on NetEscapades.AspNetCore.SecurityHeaders:

Repository Stars
dotnet/orleans
Orleans - Distributed Virtual Actor Model
asadsahi/AspNetCoreSpa
Asp.Net Core 2.2 & Angular 7 SPA Fullstack application with plenty of examples. Live demo:
grandnode/grandnode
Free and Open Source Ecommerce Shopping Cart solution based on ASP.NET CORE and MongoDB

Version History

Version Downloads Last updated
0.9.0 110,700 10/28/2018
0.8.0 4,081 10/10/2018
0.7.1 6,147 8/29/2018
0.7.0 37,796 1/14/2018
0.6.0 2,228 12/11/2017
0.5.0 712 12/5/2017
0.4.1 22,940 9/27/2017
0.3.1 35,841 4/14/2017
0.3.0 6,088 3/1/2017
0.2.1 13,066 9/14/2016
0.1.1 695 8/12/2016
0.1.0 429 8/2/2016
0.1.0-beta-0003 332 6/2/2016