From 4516a6bc157f28c607002d52110185e9214914d2 Mon Sep 17 00:00:00 2001 From: Shahab Date: Sat, 6 Sep 2025 17:31:27 +0200 Subject: [PATCH 1/3] Add security headers for enhanced protection Integrated `NetEscapades.AspNetCore.SecurityHeaders` to enforce default and API-specific security header policies. Updated `Program.cs` to define and use the new security header configurations. Modified project files and dependencies to reference the necessary package for implementation. These updates improve application security against common vulnerabilities. --- src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj | 1 + src/LinkDotNet.Blog.Web/Program.cs | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj b/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj index 4625b7a6..69da7b48 100644 --- a/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj +++ b/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj @@ -19,6 +19,7 @@ all + diff --git a/src/LinkDotNet.Blog.Web/Program.cs b/src/LinkDotNet.Blog.Web/Program.cs index 2c08dc54..7cc5f4e2 100644 --- a/src/LinkDotNet.Blog.Web/Program.cs +++ b/src/LinkDotNet.Blog.Web/Program.cs @@ -6,6 +6,7 @@ using LinkDotNet.Blog.Web.RegistrationExtensions; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Diagnostics.HealthChecks; +using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Hosting; namespace LinkDotNet.Blog.Web; @@ -25,6 +26,10 @@ public static async Task Main(string[] args) private static void RegisterServices(WebApplicationBuilder builder) { + builder.Services.AddSecurityHeaderPolicies() + .SetDefaultPolicy(p => p.AddDefaultSecurityHeaders()) + .AddPolicy("API", p => p.AddDefaultApiSecurityHeaders()); + builder.Services .AddHostingServices() .AddConfiguration() 
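Review bot: The named policy registered with `.AddPolicy("API", p => p.AddDefaultApiSecurityHeaders())` in RegisterServices is never selected anywhere in the three patches, so as committed every response, API endpoints included, gets only the default policy. In this package a named policy only takes effect when an endpoint or route group opts in (for example `.WithSecurityHeadersPolicy("API")` on the `Map…` call, or `app.UseSecurityHeaders("API")` on a pipeline branch), which none of the hunks do. Either wire it to the API endpoints in the same change or mark the registration as pending with something like `// "API" policy is not attached to any endpoint yet; opt in with .WithSecurityHeadersPolicy("API")`. RegisterServices continues past the hunk, so the endpoint registrations this would attach to are not visible here.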
@@ -49,6 +54,8 @@ private static void RegisterServices(WebApplicationBuilder builder) private static void ConfigureApp(WebApplication app) { + app.UseSecurityHeaders(); + if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); From c71410f84d6b6f9c5b8c09a072d4b4651ce414ee Mon Sep 17 00:00:00 2001 From: Shahab Date: Sat, 6 Sep 2025 17:41:43 +0200 Subject: [PATCH 2/3] Add new package for security headers Included `NetEscapades.AspNetCore.SecurityHeaders` in `Directory.Packages.props` to enhance security header configurations. This addition supports improved protection against web vulnerabilities by leveraging default policies provided by the package. No functional changes yet; the package has been added for future integration. --- Directory.Packages.props | 1 + 1 file changed, 1 insertion(+) diff --git a/Directory.Packages.props b/Directory.Packages.props index 87fba0d8..7bdf04ab 100644 --- a/Directory.Packages.props +++ b/Directory.Packages.props @@ -32,6 +32,7 @@ + From fc40380f5659936bb8620f6554f1af23edfc1b83 Mon Sep 17 00:00:00 2001 From: Shahab Date: Sat, 6 Sep 2025 18:11:14 +0200 Subject: [PATCH 3/3] Enhance security header policies with stricter controls Added Cross-Origin Embedder Policy with UnsafeNone directive to enable embedding YouTube videos, and stricter Permissions Policy for camera, microphone, and geolocation. These updates improve protection against cross-origin attacks and unauthorized access. Updated service configurations in `Program.cs` to apply these enhanced measures. This change bolsters application security and adheres to best practices. --- src/LinkDotNet.Blog.Web/Program.cs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/LinkDotNet.Blog.Web/Program.cs b/src/LinkDotNet.Blog.Web/Program.cs index 7cc5f4e2..58265197 100644 --- a/src/LinkDotNet.Blog.Web/Program.cs +++ b/src/LinkDotNet.Blog.Web/Program.cs 
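Review bot: `app.UseSecurityHeaders();` is placed as the very first middleware in ConfigureApp, which is the right spot, but the rest of the pipeline (static files, routing, endpoints) lies outside the hunk, so the ordering that makes it correct is not visible in the change and should be stated so nobody later moves it below the exception handler or static-file middleware. As far as I recall the package attaches the headers via a response-starting callback, so any middleware that short-circuits before it would serve responses without them. A one-line comment above the call would carry that: `// Keep first: every response, including static files and error pages, must carry the security headers.`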
@@ -27,7 +27,15 @@ public static async Task Main(string[] args)
     private static void RegisterServices(WebApplicationBuilder builder)
     {
         builder.Services.AddSecurityHeaderPolicies()
-            .SetDefaultPolicy(p => p.AddDefaultSecurityHeaders())
+            .SetDefaultPolicy(p =>
+                p.AddDefaultSecurityHeaders()
+                    .AddCrossOriginEmbedderPolicy(policy => policy.UnsafeNone())
+                    .AddPermissionsPolicy(policy =>
+                    {
+                        policy.AddCamera().None();
+                        policy.AddMicrophone().None();
+                        policy.AddGeolocation().None();
+                    }))
             .AddPolicy("API", p => p.AddDefaultApiSecurityHeaders());
 
         builder.Services
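Review bot: `.AddCrossOriginEmbedderPolicy(policy => policy.UnsafeNone())` loosens the policy rather than tightening it: `unsafe-none` is the browser default, and its only effect here is to cancel the `require-corp` COEP that, in the 1.x defaults of this package, `AddDefaultSecurityHeaders()` sets — the commit message's "stricter controls" and "improve protection against cross-origin attacks" do not apply to this line. That relies on the later `AddCrossOriginEmbedderPolicy` call replacing the earlier entry in the policy collection (keyed by header name, as far as I know), so the call order inside the lambda matters and deserves a comment, e.g. `// Overrides the require-corp COEP from AddDefaultSecurityHeaders(): YouTube embeds send no CORP header and would be blocked. Cross-origin isolation is not needed by this site.`. The Permissions-Policy additions look fine; note that the default policy in this package does not appear to set a script-src or default-src CSP, so this change adds no XSS mitigation — worth a follow-up rather than a claim in the description. The enclosing RegisterServices method continues past the hunk.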