Skip to content

Commit

Permalink
nwebsec sample config custom for SignIn route
Browse files Browse the repository at this point in the history
  • Loading branch information
@explunit
explunit committed May 31, 2019
1 parent bf5771c commit b4d5470
Showing 1 changed file with 47 additions and 24 deletions.
71 changes: 47 additions & 24 deletions Samples/SampleMvcApplication/Web.config
View file
Original file line number Diff line number Diff line change
Expand Up @@ -106,28 +106,51 @@
</dependentAssembly>
</assemblyBinding>
</runtime>
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd">
<securityHttpHeaders>
<x-Frame-Options policy="Deny"/>
<x-Content-Type-Options enabled="true" />
<content-Security-Policy enabled="true">
<default-src self="true"/>
<script-src self="true" strictDynamic="true">
<!--the auto-posting javascript generated when HttpPost binding is in use-->
<add source="sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc="/>
</script-src>
<style-src unsafeInline="false" self="true" />
<img-src self="true">
</img-src>
<object-src none="true" />
<media-src none="true" />
<frame-src none="true" />
<font-src self="true" />
<connect-src none="true" />
<frame-ancestors none="true" />
</content-Security-Policy>
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
<location path="Home">
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd">
<securityHttpHeaders>
<x-Frame-Options policy="Deny"/>
<x-Content-Type-Options enabled="true" />
<content-Security-Policy enabled="true">
<default-src self="true"/>
<script-src self="true" strictDynamic="true" />
<style-src self="true" unsafeInline="false" />
<img-src self="true" />
<font-src self="true" />
<object-src none="true" />
<media-src none="true" />
<frame-src none="true" />
<connect-src none="true" />
<frame-ancestors none="true" />
</content-Security-Policy>
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
</location>
<location path="SignIn">
<nwebsec>
<httpHeaderSecurityModule xmlns="http://nwebsec.com/HttpHeaderSecurityModuleConfig.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="NWebsecConfig/HttpHeaderSecurityModuleConfig.xsd">
<securityHttpHeaders>
<x-Frame-Options policy="Deny"/>
<x-Content-Type-Options enabled="true" />
<content-Security-Policy enabled="true">
<default-src self="true"/>
<script-src self="true" strictDynamic="true">
<!--the auto-posting javascript generated when HttpPost binding is in use-->
<add source="sha256-P3ctnFLM5WKMitbWbZPkh7TsbhvCPtdF7mlwMUv2pgc="/>
</script-src>
<style-src self="true" unsafeInline="false" />
<img-src self="true" />
<font-src self="true" />
<object-src none="true" />
<media-src none="true" />
<frame-src none="true" />
<connect-src none="true" />
<frame-ancestors none="true" />
</content-Security-Policy>
</securityHttpHeaders>
</httpHeaderSecurityModule>
</nwebsec>
</location>
</configuration>

0 comments on commit b4d5470

Please sign in to comment.