0

我正在尝试使用 Asp Net Core 在静态文件响应中包含安全标头。当我使用单页应用程序时,我需要在 UseSpa 方法中包含该标题。

我在做什么:

app.UseWhen(x => !x.Request.Path.Value.StartsWith("/api"), builder =>
{
    app.UseSpa(spa =>
    {
        spa.Options.SourcePath = "ClientApp";

        spa.Options.DefaultPageStaticFileOptions = new StaticFileOptions()
        {
            OnPrepareResponse = ctx => {
                            
                var headers = ctx.Context.Response.GetTypedHeaders();
                headers.CacheControl = new CacheControlHeaderValue
                {
                    Public = true,
                    MaxAge = TimeSpan.FromDays(0)
                };

            }
        };

        if (env.IsDevelopment())
        {
            spa.UseReactDevelopmentServer(npmScript: "start");
        }
    });
});

使用 NWebSec 包,我想在 useSpa 方法中执行 Csp 中间件。

app.UseWhen(x => !x.Request.Path.Value.StartsWith("/api"), builder =>
{
    app.UseSpa(spa =>
    {
        spa.Options.SourcePath = "ClientApp";

        spa.Options.DefaultPageStaticFileOptions = new StaticFileOptions()
        {
            OnPrepareResponse = ctx => {
                            
                var headers = ctx.Context.Response.GetTypedHeaders();
                headers.CacheControl = new CacheControlHeaderValue
                {
                    Public = true,
                    MaxAge = TimeSpan.FromDays(0)
                };

                var appBuilder = //somehow get the appbuilder
                appBuilder.UseCsp(options => ...);
            }
        };

        if (env.IsDevelopment())
        {
            spa.UseReactDevelopmentServer(npmScript: "start");
        }
    });
});
4

0 回答 0