Skip to content

Commit

Permalink
Update security headers
Browse files Browse the repository at this point in the history
  • Loading branch information
damienbod committed Oct 13, 2024
1 parent 24ebad0 commit 45ff1b5
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions content/BlazorBffAzureAD/Server/Program.cs
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;
using NetEscapades.AspNetCore.SecurityHeaders.Infrastructure;

var builder = WebApplication.CreateBuilder(args);

Expand All @@ -13,7 +14,14 @@

var services = builder.Services;
var configuration = builder.Configuration;
var env = builder.Environment;

services.AddSecurityHeaderPolicies()
.SetPolicySelector((PolicySelectorContext ctx) =>
{
return SecurityHeadersDefinitions.GetHeaderPolicyCollection(
builder.Environment.IsDevelopment(),
configuration["AzureAd:Instance"]);
});

services.AddScoped<MsGraphService>();
services.AddScoped<CaeClaimsChallengeService>();
Expand Down Expand Up @@ -50,7 +58,7 @@

var app = builder.Build();

if (env.IsDevelopment())
if (app.Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseWebAssemblyDebugging();
Expand All @@ -60,9 +68,7 @@
app.UseExceptionHandler("/Error");
}

app.UseSecurityHeaders(
SecurityHeadersDefinitions.GetHeaderPolicyCollection(env.IsDevelopment(),
configuration["AzureAd:Instance"]));
app.UseSecurityHeaders();

app.UseHttpsRedirection();
app.UseBlazorFrameworkFiles();
Expand Down

0 comments on commit 45ff1b5

Please sign in to comment.