Last post Jul 12, 2017 11:55 AM by priyalwalpita
Jul 12, 2017 05:54 AM|TheCoder007
I am developing an MVC Core web application and I am in the process of hardening the security of the application. My current question is: is it useful to implement the CSP (Content Security Policy) in a web application?
How can we implement the CSP in an ASP.NET Core MVC application?
Jul 12, 2017 11:55 AM|priyalwalpita
If you implement the Content Security Policy in your application, it will prevent execution of any JavaScript which you have not whitelisted in your View. CSP is a set of whitelists which you permit to execute.
In ASP.NET Core MVC you can enable the CSP in your middleware as follows.
app.UseCsp(o => o
    .DefaultSources(s => s.Self()) // Default: allow content (including scripts) only from this site
    .StyleSources(s => s.Self().CustomSources("maxcdn.bootstrapcdn.com")) // Whitelist styles from this site and the specified domain
    .ReportUris(r => r.Uris("/your_report_url"))); // Report any non-whitelisted executions to this URL
If you need to allow all script executions but only report non-whitelisted scripts, use the following option in the middleware.
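
Added example, not part of either post and not any library's own code: a plain ASP.NET Core middleware that emits the CSP response header directly, so you can see what a policy like the one configured above turns into on the wire and how report-only mode differs (same policy, sent in the standard Content-Security-Policy-Report-Only header). CspOptions and UseSimpleCsp are hypothetical names made up for this example.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Builder;

// Hypothetical options type for this example (not a library API).
public sealed class CspOptions
{
    // Directive name -> allowed sources, e.g. "style-src" -> 'self' plus a CDN host.
    public IDictionary<string, string[]> Directives { get; } =
        new Dictionary<string, string[]>();
    public string ReportUri { get; set; }  // endpoint that receives violation reports
    public bool ReportOnly { get; set; }   // true: report violations but block nothing

    public string HeaderName => ReportOnly
        ? "Content-Security-Policy-Report-Only"
        : "Content-Security-Policy";

    public string BuildValue()
    {
        var parts = new List<string>();
        foreach (var d in Directives)
            parts.Add(d.Key + " " + string.Join(" ", d.Value));
        if (!string.IsNullOrEmpty(ReportUri))
            parts.Add("report-uri " + ReportUri);
        return string.Join("; ", parts);
    }
}

public static class CspExtensions
{
    // Hypothetical extension method; register it early in Startup.Configure.
    public static IApplicationBuilder UseSimpleCsp(
        this IApplicationBuilder app, Action<CspOptions> configure)
    {
        var options = new CspOptions();
        configure(options);
        var value = options.BuildValue();  // built once at startup
        return app.Use(async (context, next) =>
        {
            // Set the header before later middleware starts writing the response.
            context.Response.Headers[options.HeaderName] = value;
            await next();
        });
    }
}

// Usage (constructed values mirroring the policy above):
// app.UseSimpleCsp(o => { o.Directives["default-src"] = new[] { "'self'" };
//     o.Directives["style-src"] = new[] { "'self'", "maxcdn.bootstrapcdn.com" };
//     o.ReportUri = "/your_report_url"; o.ReportOnly = true; });
```

With ReportOnly set to true the browser enforces nothing and only posts violation reports to the report URI, which makes it a safe way to trial a policy against real traffic before switching to the enforcing header.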