- Improving your C# Skills
- Ovais Mehboob Ahmed Khan John Callaway Clayton Hunt Rod Stephens
- 2021-07-02 13:08:49
Adding the Content-Security-Policy header
The Content-Security-Policy header protects your application by whitelisting the sources of approved content and preventing the browser from loading malicious resources. To add it, install the NWebsec.Owin package from NuGet and configure it in the Configure method of the Startup class as follows:
    // Restrict all resource types, and scripts explicitly, to the application's own origin.
    app.UseCsp(options => options
        .DefaultSources(s => s.Self())
        .ScriptSources(s => s.Self()));
In the preceding code, DefaultSources and ScriptSources are both set to Self(), so all resources are loaded only from the same origin. If any scripts or images need to be loaded from external sources, we can define custom sources as follows:
    // Same-origin by default; scripts may also come from https://ajax.googleapis.com.
    app.UseCsp(options => options
        .DefaultSources(s => s.Self())
        .ScriptSources(s => s.Self()
            .CustomSources("https://ajax.googleapis.com")));
For the complete documentation on this topic, please refer to the following URL: https://docs.nwebsec.com/en/4.1/nwebsec/Configuring-csp.html.
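The following is an added example, not code from the book or from NWebsec: a simplified C# check of how a browser applies the policy from the second configuration to script URLs, including the fallback from script-src to default-src. The header string, the app.example origin and the sample URLs are constructed; wildcards, paths, scheme-less hosts, nonces and hashes are not handled.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class CspCheck
{
    // Splits a policy into directive name -> source list (first duplicate wins).
    static Dictionary<string, string[]> Parse(string policy) =>
        policy.Split(';', StringSplitOptions.RemoveEmptyEntries)
              .Select(d => d.Trim().Split(' ', StringSplitOptions.RemoveEmptyEntries))
              .Where(t => t.Length > 0)
              .GroupBy(t => t[0].ToLowerInvariant())
              .ToDictionary(g => g.Key, g => g.First().Skip(1).ToArray());

    // True when a page at pageOrigin may load a script from scriptUrl.
    static bool ScriptAllowed(string policy, Uri pageOrigin, Uri scriptUrl)
    {
        var directives = Parse(policy);
        // script-src falls back to default-src when it is absent.
        if (!directives.TryGetValue("script-src", out var sources) &&
            !directives.TryGetValue("default-src", out sources))
            return true; // no applicable directive: scripts are unrestricted
        return sources.Any(s => Matches(s, pageOrigin, scriptUrl));
    }

    // 'self' compares against the page origin; anything else must parse as an
    // absolute origin, so 'none' and other keywords never match here.
    static bool Matches(string source, Uri page, Uri target)
    {
        if (source.Equals("'self'", StringComparison.OrdinalIgnoreCase))
            return SameOrigin(page, target);
        return Uri.TryCreate(source, UriKind.Absolute, out var allowed)
            && SameOrigin(allowed, target);
    }

    static bool SameOrigin(Uri a, Uri b) => a.Scheme == b.Scheme && a.Port == b.Port
        && string.Equals(a.Host, b.Host, StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed header value matching the second configuration above.
        const string policy = "default-src 'self'; script-src 'self' https://ajax.googleapis.com";
        var page = new Uri("https://app.example"); // hypothetical application origin
        foreach (var url in new[] { "https://app.example/js/site.js",
                                    "https://ajax.googleapis.com/ajax/libs/example/lib.js",
                                    "https://cdn.example.net/lib.js" }) // constructed URLs
            Console.WriteLine($"{url} -> {(ScriptAllowed(policy, page, new Uri(url)) ? "allowed" : "blocked")}");
    }
}
```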