lib.aspnetcore.security's Introduction

Lib.AspNetCore.Security

Lib.AspNetCore.Security is a library which provides security features like Content Security Policy, Strict Transport Security or Expect-CT for ASP.NET Core.

Getting Started

You can get Lib.AspNetCore.Security and Lib.AspNetCore.Mvc.Security from NuGet.

PM>  Install-Package Lib.AspNetCore.Security
PM>  Install-Package Lib.AspNetCore.Mvc.Security

Documentation

The documentation is available here.

There are also blog posts available describing key features of the library (some of them were written in the context of ASP.NET MVC or previous versions of this library, but the core idea hasn't changed):

Demos

The demo project is available here.

Donating

My blog and open source projects are the result of my passion for software development, but they require a fair amount of my personal time. If you got value from any of the content I create, then I would appreciate your support by sponsoring me (either monthly or one-time).

Copyright and License

Copyright © 2016 - 2024 Tomasz Pęczek

Licensed under the MIT License

lib.aspnetcore.security's People

Contributors

den-dp, tpeczek

lib.aspnetcore.security's Issues

Adding directly to the CSP sources from controller

Hi,

Just downloaded this project and it looks great, want to know if it will accommodate one of my requirements... I have a controller that is returning

return Content($"<html><script>{{window.top.location.href = \"{Request.Scheme}://{Request.Host}/Error/Index\"}}</script><body></body></html>");

This is being used to break out of an iframe.

I want to be able to generate the hash for this and add it to the CSP header on the fly.

Can you think of a way to achieve this with this library?

Thanks for any help

Would you consider contributing to NWebSec?

I've been using NWebSec for some time for security related HTTP headers etc. as it's pretty comprehensive and popular. Both NWebSec and your library have a fair amount of overlap while still having some features missing in both. Would you consider contributing to NWebSec to produce a one-stop shop for all your ASP.NET Core security needs? In particular I'm thinking about:

Add support for X-Permitted-Cross-Domain-Policies header

HTTP header used for informing Adobe products (PDF, Flash) as to how to handle cross domain policies. Allowed directives:

  • none - No policy files are allowed anywhere on the target server, including this master policy file.
  • master-only - Only this master policy file is allowed.
  • by-content-type - Only policy files served with Content-Type: text/x-cross-domain-policy are allowed.
  • all - All policy files on this target domain are allowed.

Feedback

This issue is for general feedback regarding this project.

Add support for X-Download-Options header

The IE/Edge only HTTP header with one possible directive: X-Download-Options: noopen, which instructs the browser not to open a download directly in the browser, but instead to provide only the ‘Save’ option.

Make nonce-source generation secure

The current generation of nonce-source is not secure. From the specification:

The generated value SHOULD be at least 128 bits long (before encoding), and SHOULD be generated via a cryptographically secure random number generator in order to ensure that the value is difficult for an attacker to predict.

Add hashes caching support in Content Security Policy tag helper

Currently the Content Security Policy tag helper is generating the hash every time, but in cases where the content of the style or script element is constant the hash could be cached. The desire to cache the hash could be indicated by providing the cache value for the tag helper attribute: asp-csp="cache"
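
As an added example (not code from this library or from the issues above), the following uses only .NET base class library calls to show what the issues "Adding directly to the CSP sources from controller", "Make nonce-source generation secure" and "Add hashes caching support in Content Security Policy tag helper" describe: a hash-source computed for an inline script at response time, an optional cache for constant content, and a 128-bit nonce from a cryptographically secure generator. CspSources, its members and the app.example host are hypothetical names, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Constructed values standing in for Request.Scheme and Request.Host.
string scheme = "https", host = "app.example";
string script = $"window.top.location.href = \"{scheme}://{host}/Error/Index\";";

// Hash exactly the string written between <script> and </script>, then send both.
string hashSource = CspSources.Sha256Source(script);
Console.WriteLine($"Content-Security-Policy: script-src 'self' {hashSource}");
Console.WriteLine($"<html><script>{script}</script><body></body></html>");

// Nonce alternative: a fresh value per response, echoed in the element's nonce attribute.
var (nonce, nonceSource) = CspSources.NewNonce();
Console.WriteLine($"Content-Security-Policy: script-src 'self' {nonceSource}");
Console.WriteLine($"<script nonce=\"{nonce}\">{script}</script>");

// Illustrative helper (hypothetical names, not the library's API).
public static class CspSources
{
    // Keyed by the exact content; enable only for constant content,
    // because per-request content would make the cache grow without bound.
    private static readonly ConcurrentDictionary<string, string> HashCache = new();

    public static string Sha256Source(string inlineContent, bool cache = false) =>
        cache ? HashCache.GetOrAdd(inlineContent, Compute) : Compute(inlineContent);

    private static string Compute(string content)
    {
        // CSP hashes the UTF-8 bytes of the element's text; any whitespace change alters it.
        byte[] digest = SHA256.HashData(Encoding.UTF8.GetBytes(content));
        return $"'sha256-{Convert.ToBase64String(digest)}'";
    }

    // 16 bytes = 128 bits before encoding, drawn from the platform CSPRNG.
    public static (string Nonce, string Source) NewNonce()
    {
        string nonce = Convert.ToBase64String(RandomNumberGenerator.GetBytes(16));
        return (nonce, $"'nonce-{nonce}'");
    }
}
```

Because the script in the first issue embeds the request's scheme and host, its hash differs per host and gains nothing from the cache; the cache path suits inline blocks whose text never changes.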
