Adds extra HTTP security headers to the response (Referrer-Policy, X-Content-Type-Options, X-Frame-Options, CORP, COEP, COOP):
- Referrer-Policy
- X-Content-Type-Options (NoSniff)
- X-Frame-Options
- Cross-Origin-Resource-Policy (CORP)
- Cross-Origin-Embedder-Policy (COEP)
- Cross-Origin-Opener-Policy (COOP)
using AspNetCore.Essentials;
/// <summary>
/// Enables the six response security headers on the application pipeline by
/// calling one AspNetCore.Essentials <c>Add*</c> extension per header.
/// </summary>
/// <param name="app">Application builder the header extensions are applied to.</param>
/// <remarks>
/// NOTE(review): the <c>Add*</c> calls presumably register middleware. If so, they
/// need to run before any middleware that writes the response (static files,
/// endpoints), otherwise those responses go out without the headers. Confirm
/// against the library.
/// </remarks>
public void Configure(IApplicationBuilder app)
{
    // Referrer-Policy: strict-origin-when-cross-origin sends the full URL only to
    // the same origin, the bare origin cross-origin, and nothing on HTTPS -> HTTP.
    app.AddReferrerPolicy(ReferrerPolicy.StrictOriginWhenCrossOrigin);
    // X-Content-Type-Options: nosniff stops browsers from MIME-sniffing a response
    // into a different (e.g. script) type than the declared Content-Type.
    app.AddXContentTypeOptions(XContentOptions.NoSniff);
    // X-Frame-Options: SAMEORIGIN limits framing to same-origin pages (clickjacking
    // defence). CSP frame-ancestors is the current standard; this call does not set it.
    app.AddXFrameOptions(XFrameOptions.SameOrigin);
    // COEP require-corp: cross-origin subresources load only if they opt in via
    // CORP or CORS, so third-party images/scripts/iframes without that opt-in break.
    app.AddCrossOriginEmbedderPolicy(CrossOriginEmbedderPolicy.RequireCorp);
    // COOP same-origin: severs window.opener links with cross-origin documents;
    // popup-based flows (e.g. federated sign-in windows) should be tested with it.
    app.AddCrossOriginOpenerPolicy(CrossOriginOpenerPolicy.SameOrigin);
    // CORP same-origin: other origins cannot embed these responses via no-cors
    // requests. Assets meant to be consumed cross-origin need a looser value.
    app.AddCrossOriginResourcePolicy(CrossOriginResourcePolicy.SameOrigin);
}
/// <summary>
/// Sets the six security headers on a single response by calling one
/// AspNetCore.Essentials <c>Set*</c> extension per header.
/// </summary>
/// <param name="response">Response whose headers are set.</param>
/// <remarks>
/// NOTE(review): headers can only be changed before the response has started
/// (<c>HttpResponse.HasStarted</c>). Presumably this must be called before the
/// body is written. Confirm how the library behaves otherwise.
/// </remarks>
public void Prepare(HttpResponse response)
{
    // Limits what the Referer header leaks to other origins.
    response.SetReferrerPolicy(ReferrerPolicy.StrictOriginWhenCrossOrigin);
    // Disables MIME sniffing so the declared Content-Type is authoritative.
    response.SetXContentTypeOptions(XContentOptions.NoSniff);
    // Allows framing by same-origin pages only (clickjacking defence).
    response.SetXFrameOptions(XFrameOptions.SameOrigin);
    // COEP require-corp plus COOP same-origin together make the document
    // cross-origin isolated. Embedded third-party resources must opt in via
    // CORP or CORS, or they are blocked.
    response.SetCrossOriginEmbedderPolicy(CrossOriginEmbedderPolicy.RequireCorp);
    response.SetCrossOriginOpenerPolicy(CrossOriginOpenerPolicy.SameOrigin);
    // Prevents other origins from embedding this response via no-cors requests.
    response.SetCrossOriginResourcePolicy(CrossOriginResourcePolicy.SameOrigin);
}