Last post Feb 15, 2015 09:40 AM by BrockAllen
Feb 15, 2015 01:53 AM|fan2005|LINK
Our Security consultant advised us setting content- security-policy for each data sending to client.
I read some links about httpheader , but I don't know where in my code I should use this setting or should I do setting in web-config files.
thanks for your help.
Feb 15, 2015 09:40 AM|BrockAllen|LINK
We do it in IdentityServer3 (as a filter). You can look at the code to get an idea: