juunas11/aspnetcore-security-headers

Issues

• Feature Request - Allow the CSP to be updated at run time

  #80 opened a month ago by PJTewkesbury
  0

• nonce is generating with + symbol but .net core is encoding it

  #79 opened 7 months ago by mohdyasar
  1

• Support new "report-to" directive and header.

  #40 opened 6 years ago by jpknoll
  3

• CspFontsBuilder doesn't allow CspFontSrcOptions.AllowDataScheme to be set

  #78 opened 7 months ago by paultew
  0

• Using Nonces with Blazor

  #77 opened 8 months ago by Clive321A
  0

• Configure CSP in appsettings.json but want to set OnSendingHeader

  #76 opened 9 months ago by litera
  1

• The GetNonce method returns an incorrect value during an ajax request

  #75 opened a year ago by Lukas-26
  0

• Using SHA. How do I use it?

  #69 opened 2 years ago by gatecrasher63
  4

• Appending nonce to scripts added as strings

  #71 opened 2 years ago by jplatfordquba
  1

• 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list

  #31 opened 6 years ago by ace37
  9

• Access the nonce value

  #61 opened 2 years ago by tlnorwood
  1

• Add CspReport Object

  #54 opened 3 years ago by Matti-Koopa
  1

• Add support of 'require-trusted-types-for' csp directive

  #57 opened 3 years ago by luber
  1

• Path in ReportViolationsTo causes 404 when using IIS

  #62 opened 2 years ago by Rakshasas
  1

• Add Antiforgery Token to report violations post.

  #63 opened 2 years ago by malylemire1
  1

• add nonce attribute for devextreme components

  #64 opened 2 years ago by Thabot011
  2

• Rename header "Feature Policy" to "Permissions-Policy"

  #65 opened 2 years ago by alexandrejulien
  1

• Alternative syntax

  #70 opened 2 years ago by gatecrasher63
  1

• Nonce not working in asp.net core mvc

  #45 opened 5 years ago by Ephaltes
  11

• Nonce is empty

  #68 opened 2 years ago by spaasis
  2

• Adding nonce to a div element with inline style

  #9 opened 7 years ago by henningst
  4

• Add support for report-sample

  #53 opened 4 years ago by j-hudecek
  1

• What about 'data' URIs?

  #36 opened 4 years ago by Zettersten
  1

• <div asp-validation-summary="All" ></div>

  #52 opened 4 years ago by V4A001
  2

• X-Content-Security-Policy

  #2 opened 4 years ago by Gaulomatic
  1

• asp.net core 2.1 UseHsts() naming conflict

  #20 opened 7 years ago by dotnetshadow
  3

• Usage with a single page application

  #51 opened 5 years ago by TheKnarf
  3

• Add a tag helper to automatically put SHA hash into CSP - alternative to nonce

  #47 opened 5 years ago by shand-obs
  2

• Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:

  #49 opened 5 years ago by vankampenp
  1

• Add report options to UseXXssProtection

  #48 opened 5 years ago by jamesharling
  1

• .NET Core 3.0 Issues

  #46 opened 5 years ago by MCFHTAGENTS
  2

• Exclude Hsts middleware for asp.net core 2.2 version

  #38 opened 5 years ago by SychevIgor
  0

• Disable output of "upgrade-insecure-requests" in "report only" mode

  #42 opened 6 years ago by mgroetan
  3

• Add Security Headers in Response.OnStarting

  #39 opened 6 years ago by agilenut
  7

• Add support for checking response type before adding headers

  #14 opened 7 years ago by juunas11
  1

• Partial view issue

  #35 opened 6 years ago by JandosKh
  1

• CSP manifest-src directive not supported

  #32 opened 6 years ago by marcwittke
  3

• Add support for all security headers

  #28 opened 6 years ago by jcox86
  0

• Strict-dynamic support for frames

  #25 opened 6 years ago by cfletcher
  5

• Add support for `prefetch-src`

  #26 opened 6 years ago by MrMDavidson
  2

• ArgumentException: An item with the same key has already been added. Key: Strict-Transport-Security

  #23 opened 7 years ago by hades200082
  3

• Add Nonce support for other HTML elements that might have an inline style element

  #21 opened 7 years ago by hades200082
  5

• System.Argument Exception when using CSP middleware with UseStatusCodePagesWithReExecute middleware

  #19 opened 7 years ago by mattparry43
  4

• RandomNumberGenerator.GetBytes is not thread-safe

  #18 opened 7 years ago by Flavien
  4

• Support base-uri directive

  #17 opened 7 years ago by Flavien
  1

• Add IServiceCollection extensions for specifying options for middleware

  #15 opened 7 years ago by juunas11
  0

• Let application decide when to add CSP http header

  #12 opened 7 years ago by ahouben
  1

• upgrade-insecure-requests

  #10 opened 7 years ago by ajeckmans
  2

• Core 2.0 upgrade

  #6 opened 7 years ago by xperiandri
  4

• HstsOptions should work with Timespan class

  #4 opened 7 years ago by MovGP0
  4