我正在尝试使用 Asp Net Core 在静态文件响应中包含安全标头。当我使用单页应用程序时,我需要在 UseSpa 方法中包含该标题。
我在做什么:
app.UseWhen(x => !x.Request.Path.Value.StartsWith("/api"), builder =>
{
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
spa.Options.DefaultPageStaticFileOptions = new StaticFileOptions()
{
OnPrepareResponse = ctx => {
var headers = ctx.Context.Response.GetTypedHeaders();
headers.CacheControl = new CacheControlHeaderValue
{
Public = true,
MaxAge = TimeSpan.FromDays(0)
};
}
};
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
});
使用 NWebSec 包,我想在 useSpa 方法中执行 Csp 中间件。
app.UseWhen(x => !x.Request.Path.Value.StartsWith("/api"), builder =>
{
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
spa.Options.DefaultPageStaticFileOptions = new StaticFileOptions()
{
OnPrepareResponse = ctx => {
var headers = ctx.Context.Response.GetTypedHeaders();
headers.CacheControl = new CacheControlHeaderValue
{
Public = true,
MaxAge = TimeSpan.FromDays(0)
};
var appBuilder = //somehow get the appbuilder
appBuilder.UseCsp(options => ...);
}
};
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
});