Added security headers middleware. (#48)

fluxera · Oct 13, 2022 · 9104e11 · 9104e11
1 parent e44a8ba
commit 9104e11
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 0 deletions.
diff --git a/samples/ExampleService/ExampleServiceModule.cs b/samples/ExampleService/ExampleServiceModule.cs
@@ -43,6 +43,8 @@ public override void Configure(IApplicationInitializationContext context)
 
 			context.UseHttpsRedirection();
 
+			context.UseSecurityHeaders();
+
 			context.UseRouting();
 
 			context.UseEndpoints();

diff --git a/...uxera.Extensions.Hosting.Modules.AspNetCore/ApplicationInitializationContextExtensions.cs b/...uxera.Extensions.Hosting.Modules.AspNetCore/ApplicationInitializationContextExtensions.cs
@@ -3,6 +3,7 @@
 	using System.Collections.Generic;
 	using System.Linq;
 	using Fluxera.Extensions.DependencyInjection;
+	using global::AspNetCore.SecurityHeaders;
 	using JetBrains.Annotations;
 	using Microsoft.AspNetCore.Builder;
 	using Microsoft.AspNetCore.Http;
@@ -25,6 +26,17 @@ public static IApplicationInitializationContext UseHsts(this IApplicationInitial
 			return context;
 		}
 
+		/// <summary>
+		///     Adds middleware for writing security response headers.
+		/// </summary>
+		public static IApplicationInitializationContext UseSecurityHeaders(this IApplicationInitializationContext context)
+		{
+			WebApplication app = context.GetApplicationBuilder();
+			context.Log("UseSecurityHeaders", _ => app.UseSecurityHeaders());
+
+			return context;
+		}
+
 		/// <summary>
 		///     Adds middleware for redirecting HTTP Requests to HTTPS.
 		/// </summary>

diff --git a/src/Fluxera.Extensions.Hosting.Modules.AspNetCore/AspNetCoreModule.cs b/src/Fluxera.Extensions.Hosting.Modules.AspNetCore/AspNetCoreModule.cs
@@ -9,6 +9,7 @@
 	using Fluxera.Spatial.SystemTextJson;
 	using Fluxera.StronglyTypedId.SystemTextJson;
 	using Fluxera.ValueObject.SystemTextJson;
+	using global::AspNetCore.SecurityHeaders;
 	using JetBrains.Annotations;
 	using Microsoft.AspNetCore.Builder;
 	using Microsoft.Extensions.DependencyInjection;
@@ -88,6 +89,12 @@ public override void ConfigureServices(IServiceConfigurationContext context)
 				}));
 			}
 
+			// Add the Security Headers options.
+			if(!context.Environment.IsDevelopment())
+			{
+				context.Log("AddSecurityHeaders", services => services.AddSecurityHeaders());
+			}
+
 			// Configure the mvc builder.
 			MvcBuilderContainer container = context.Services.GetObject<MvcBuilderContainer>();
 			MvcBuilderContributorList contributorList = context.Services.GetObject<MvcBuilderContributorList>();

diff --git a/...xtensions.Hosting.Modules.AspNetCore/Fluxera.Extensions.Hosting.Modules.AspNetCore.csproj b/...xtensions.Hosting.Modules.AspNetCore/Fluxera.Extensions.Hosting.Modules.AspNetCore.csproj
@@ -38,6 +38,7 @@
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
 		<PackageReference Include="JetBrains.Annotations" Version="2022.1.0" />
+		<PackageReference Include="MadEyeMatt.AspNetCore.SecurityHeaders" Version="6.0.0" />
 		<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.0.0-rc9.7" />
 	</ItemGroup>