Comments (8)
Side note: Your implementation won't work in many scenarios.
https://github.com/sblackler/Owin.Hsts/blob/master/Owin.Hsts/HstsMiddleware.cs#L27
The response headers can be sent during the call to Next, so changes done after Next may fail. You should move all that logic to the OnSendingHeaders event. See http://owin.org/spec/CommonKeys.html
from security.
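The ordering problem raised in the comment above, as an added example that is not part of the thread or the Owin.Hsts project's own code. It assumes the Microsoft.Owin package; the class name `HstsHeaderMiddleware` and its constructor parameters are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.Owin;

// Hypothetical middleware for illustration; not the Owin.Hsts implementation.
public sealed class HstsHeaderMiddleware : OwinMiddleware
{
    private readonly string _headerValue;

    public HstsHeaderMiddleware(OwinMiddleware next, TimeSpan maxAge, bool includeSubDomains)
        : base(next)
    {
        if (maxAge < TimeSpan.Zero)
            throw new ArgumentOutOfRangeException(nameof(maxAge));

        // Build the header value once, e.g. "max-age=31536000; includeSubDomains".
        _headerValue = "max-age="
            + ((long)maxAge.TotalSeconds).ToString(CultureInfo.InvariantCulture)
            + (includeSubDomains ? "; includeSubDomains" : string.Empty);
    }

    public override Task Invoke(IOwinContext context)
    {
        // Fragile pattern: "await Next.Invoke(context)" followed by a header write.
        // A downstream component may already have flushed the response headers
        // by the time Next returns, so the HSTS header would be silently lost.

        // HSTS is only meaningful on a secure transport, so skip plain HTTP.
        if (context.Request.IsSecure)
        {
            // Register the callback BEFORE calling Next. The server invokes it
            // just before headers go on the wire, whichever component triggers
            // the first write.
            context.Response.OnSendingHeaders(state =>
            {
                var response = (IOwinResponse)state;
                // Set overwrites any value a downstream component added,
                // so the response carries exactly one HSTS policy.
                response.Headers.Set("Strict-Transport-Security", _headerValue);
            }, context.Response);
        }

        return Next.Invoke(context);
    }
}
```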
Ah, I didn't realise that was there. I'll fix that this evening when I get a chance.
Updated to use OnSendingHeaders (commit: https://github.com/sblackler/Owin.Hsts/commit/f69e78df94ccfabc1fd8000717717cf42d9201b7)
Given multiple implementations, including nwebsec from @klings I don't feel providing a more limited middleware is that useful.
@blowdart thanks for the info about nwebsec. Didn't realise that existed (don't know if it did a year ago when I started this). I think it would be good to raise awareness for stuff like this, maybe through a blog post or something? :)
That would be a good idea. I'll find someone that blogs and poke them with a stick.
Or https://github.com/StefanOssendorf/SecurityHeadersMiddleware/ ;-)