From d10394047742d5230b58dc2b25374a319a8581a8 Mon Sep 17 00:00:00 2001
From: Rohit Shrivastava
Date: Fri, 25 Oct 2024 10:19:45 +0100
Subject: [PATCH] Xframe settings test
---
 DigitalLearningSolutions.Web/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/DigitalLearningSolutions.Web/Startup.cs b/DigitalLearningSolutions.Web/Startup.cs
index 193bdd1d2f..405c75f3dc 100644
--- a/DigitalLearningSolutions.Web/Startup.cs
+++ b/DigitalLearningSolutions.Web/Startup.cs
@@ -596,11 +596,11 @@ public void Configure(IApplicationBuilder app, IMigrationRunner migrationRunner,
 "font-src https://script.hotjar.com https://assets.nhs.uk/; " +
 "connect-src 'self' http: ws:; " +
 "img-src 'self' data: https:; " +
+ "frame-ancestors *" +
 "frame-src 'self' https:");
 context.Response.Headers.Add("Referrer-Policy", "no-referrer");
 context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
 context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
- context.Response.Headers.Add("X-Frame-Options", "deny");
 context.Response.Headers.Add("X-XSS-protection", "0");
 await next();
 });
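Review bot: The added `"frame-ancestors *" +` line has no trailing `; `, so the concatenated header value reads `frame-ancestors *frame-src 'self' https:`; `frame-src` stops being a directive of its own and `frame-ancestors` receives a source list that was not intended. Separately from that typo, a wildcard `frame-ancestors` together with the removal of `X-Frame-Options: deny` takes framing (clickjacking) protection away from every response this middleware handles. If embedding is genuinely required, name the embedding origins instead, e.g. `"frame-ancestors 'self' https://TRUSTED-EMBEDDER.example; " +` (placeholder origin); if it is not, use `'none'` or `'self'` and keep the legacy header for browsers that ignore `frame-ancestors`. The start of the Content-Security-Policy string and the rest of `Configure` lie outside this hunk, so earlier directives were not reviewed.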