From 37cb182253e9dadba91bbf14833f4cb8e6d90495 Mon Sep 17 00:00:00 2001 From: Kull1z <32952194+Kull1z@users.noreply.github.com> Date: Wed, 4 Sep 2024 10:51:32 +0200 Subject: [PATCH 1/3] Update stricttransportsecurityheader.md Added info so that you can set a timespan for HSTS. --- .../guides/stricttransportsecurityheader.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md index 77c34c42e63..fd5913d3c52 100644 --- a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md +++ b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md @@ -31,6 +31,17 @@ else } //... } +``` +Add this to Program.cs to be able to set a timespan for HSTS, preferbly six months. + +```csharp +builder.Services.AddHsts(options => +{ + options.MaxAge = TimeSpan.FromDays(180); + options.IncludeSubDomains = true; + options.Preload = true; +}); + ``` This example only enables HSTS if the app is not running in development mode. `UseHsts` isn't recommended in development because the HSTS settings are highly cacheable by browsers. From 1aefcb68c9a29cd8dcb3bd8bc3cb93f453240b67 Mon Sep 17 00:00:00 2001 From: sofietoft Date: Thu, 5 Sep 2024 08:41:24 +0200 Subject: [PATCH 2/3] Small restructure of the sentence --- .../health-check/guides/stricttransportsecurityheader.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md index fd5913d3c52..23406cf74b6 100644 --- a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md +++ b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md 
@@ -32,7 +32,8 @@ else //... } ``` -Add this to Program.cs to be able to set a timespan for HSTS, preferbly six months. + +It is possible to configure a timespan for the HSTS, preferbly six months. This can be done by adding the following to the `Program.cs` file: ```csharp builder.Services.AddHsts(options => From d4cab54d254be198386394fbd55b8001e8652a24 Mon Sep 17 00:00:00 2001 From: sofietoft Date: Thu, 19 Sep 2024 13:01:34 +0200 Subject: [PATCH 3/3] Replace code sample with external link --- .../guides/stricttransportsecurityheader.md | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md index 23406cf74b6..72cea315e11 100644 --- a/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md +++ b/14/umbraco-cms/extending/health-check/guides/stricttransportsecurityheader.md 
@@ -33,18 +33,8 @@ else } ``` -It is possible to configure a timespan for the HSTS, preferbly six months. This can be done by adding the following to the `Program.cs` file: - -```csharp -builder.Services.AddHsts(options => -{ - options.MaxAge = TimeSpan.FromDays(180); - options.IncludeSubDomains = true; - options.Preload = true; -}); - -``` - This example only enables HSTS if the app is not running in development mode. `UseHsts` isn't recommended in development because the HSTS settings are highly cacheable by browsers. -Full details of `UseHsts`, and additional configuration, can be found in the [ASP.NET Core documentation](https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-5.0\&tabs=visual-studio#http-strict-transport-security-protocol-hsts-1). +It is possible to configure a timespan for the HSTS, preferably six months. This can be done by adding a new builder to the `Program.cs` file. Learn more in the [official Microsoft Documentation](https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-8.0&tabs=visual-studio%2Clinux-ubuntu#http-strict-transport-security-protocol-hsts). + +Full details of `UseHsts`, and additional configuration, can be found in the [ASP.NET Core documentation](https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-8.0&tabs=visual-studio%2Clinux-ubuntu#http-strict-transport-security-protocol-hsts).
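Review bot: The added `AddHsts` sample in PATCH 1/3 sets `options.IncludeSubDomains = true` and `options.Preload = true`, but the lead-in sentence only mentions the timespan, so a reader who copies the block applies HSTS to every subdomain and emits the preload directive without being told. Either reduce the sample to `options.MaxAge = TimeSpan.FromDays(180);` or add a sentence saying what the other two options commit the site to. The block is also inserted ahead of "This example only enables HSTS if the app is not running in development mode", so "This example" now reads as referring to the `AddHsts` snippet rather than the `UseHsts` code above it; placing the new text below that paragraph avoids this. Minor: "preferbly" should be "preferably", and there is a stray blank line before the closing fence.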
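Review bot: The rewritten sentence in PATCH 2/3 still carries the "preferbly" typo from the line it replaces, and "a timespan for the HSTS" does not say which setting is meant. Suggest "preferably" and naming the option that the sample directly below sets, for example "configure the HSTS `MaxAge`, preferably six months".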
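Review bot: In PATCH 3/3 the new sentence says the timespan is configured "by adding a new builder to the `Program.cs` file", but the sample being removed called `builder.Services.AddHsts(...)` on the existing builder, so the wording is inaccurate. With the code gone, the page also no longer names the method or the `MaxAge` option the reader should look for on the linked page. Suggest wording along the lines of "by calling `AddHsts` on `builder.Services` in `Program.cs` and setting `MaxAge`". The new paragraph and the "Full details of `UseHsts`" paragraph now link to the same URL, so they can be merged into one.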