NetEscapades.AspNetCore.SecurityHeaders
0.9.0
Middleware for ASP.NET Core to automatically add security headers to requests.
Install-Package NetEscapades.AspNetCore.SecurityHeaders -Version 0.9.0
dotnet add package NetEscapades.AspNetCore.SecurityHeaders --version 0.9.0
<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.9.0" />
paket add NetEscapades.AspNetCore.SecurityHeaders --version 0.9.0
Release Notes
Features:
* Add support for Nonce generation for Content-Security-Policy headers. See README.md for details
* Add TagHelpers library for adding nonces and generating hashes for Razor elements (https://www.nuget.org/packages/NetEscapades.AspNetCore.SecurityHeaders.TagHelpers/)
* Allow using HSTS preload with Strict-Transport-Security
* Allow excluding domains from Strict-Transport-Security. Similar to the Microsoft HstsMiddlewareyou can skip applying Strict-Transport-Security to specific hosts
Breaking Changes:
* All obsolete classes have been removed.
* Many classes have changed namespace to better reflect their location in the project, and also to aid discovery. If you're using the recommended builders and extension methods, you should not have any build-time breaking changes, but the package is not runtime-compatible with previous versions
* The Strict-Transport-Security header is no longer applied to localhost by default. Generally speaking, this isn't something you should do anyway.
* The CSP classes have undergone significant refactoring to allow dynamic values per-request (i.e. nonces). This doesn't affect the main public API, but will impact you if you're working with the low-level infrastructure classes.
See https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders/blob/master/CHANGELOG.md#v090 for more details.
Dependencies
-
.NETFramework 4.5.1
- Microsoft.AspNetCore.Http.Abstractions (>= 1.0.3)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 1.0.2)
- Microsoft.Extensions.Options (>= 1.0.2)
-
.NETStandard 1.3
- Microsoft.AspNetCore.Http.Abstractions (>= 1.0.3)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 1.0.2)
- Microsoft.Extensions.Options (>= 1.0.2)
- NETStandard.Library (>= 1.6.1)
-
.NETStandard 2.0
- Microsoft.AspNetCore.Http.Abstractions (>= 2.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 2.0.0)
- Microsoft.Extensions.Options (>= 2.0.0)
GitHub Usage
Showing the top 3 GitHub repositories that depend on NetEscapades.AspNetCore.SecurityHeaders:
| Repository | Stars | |
|---|---|---|
|
dotnet/orleans
Orleans - Distributed Virtual Actor Model
|
||
|
asadsahi/AspNetCoreSpa
Asp.Net Core 2.2 & Angular 7 SPA Fullstack application with plenty of examples. Live demo:
|
||
|
grandnode/grandnode
Free and Open Source Ecommerce Shopping Cart solution based on ASP.NET CORE and MongoDB
|
Version History
| Version | Downloads | Last updated | ||
|---|---|---|---|---|
| 0.9.0 | 110,700 | 10/28/2018 | ||
| 0.8.0 | 4,081 | 10/10/2018 | ||
| 0.7.1 | 6,147 | 8/29/2018 | ||
| 0.7.0 | 37,796 | 1/14/2018 | ||
| 0.6.0 | 2,228 | 12/11/2017 | ||
| 0.5.0 | 712 | 12/5/2017 | ||
| 0.4.1 | 22,940 | 9/27/2017 | ||
| 0.3.1 | 35,841 | 4/14/2017 | ||
| 0.3.0 | 6,088 | 3/1/2017 | ||
| 0.2.1 | 13,066 | 9/14/2016 | ||
| 0.1.1 | 695 | 8/12/2016 | ||
| 0.1.0 | 429 | 8/2/2016 | ||
| 0.1.0-beta-0003 | 332 | 6/2/2016 |