TerribleDev/HardHat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17 Commits 2 Branches 8 Tags
d564cebf006135223ace4cdb6503dfc090b12dc8
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Tommy Parnell d564cebf00 icon url fix
2016-12-31 22:24:24 -05:00
.vscode
ieNoOpen, Referrer
2016-12-31 06:24:33 -05:00
src
icon url fix
2016-12-31 22:24:24 -05:00
.gitattributes
add logo
2016-12-31 17:43:14 -05:00
.gitignore
Add .gitignore and .gitattributes.
2016-12-23 11:14:10 -05:00
global.json
Add project files.
2016-12-23 11:14:12 -05:00
HardHat.sln
add sln
2016-12-23 22:03:16 -05:00
Hat.png
add logo
2016-12-31 17:43:14 -05:00
LICENSE.md
license file
2016-12-31 21:58:43 -05:00
Readme.md
readme
2016-12-31 22:00:35 -05:00

Readme.md

Hard Hat

HardHat is a set of .net core middleware that adds various headers to help protect your site from vulnerablities. Inspired by helmetJS. Currently in beta, Content Security Policy, Unit tests, documentation due before 1.0.0. Netherless this should work fine.

In short this allows:


 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            ...
            app.UseDnsPrefetch(allow: false); //turn off dns prefetch to protect the privacy of users
            app.UseFrameGuard(new FrameGuardOptions(FrameGuardOptions.FrameGuard.SAMEORIGIN)); //prevent clickjacking, by not allowing your site to be rendered in an iframe
            //  app.UseFrameGuard(new FrameGuardOptions("otherdomain.com")); or allow iframes on another domain
            app.UseHsts(maxAge: 5000, includeSubDomains: true, preload: false); //tell browsers to always use https for the next 5000 seconds
            app.UseReferrerPolicy(ReferrerPolicy.NoReferrer); // do not include the referrer header when linking away from your site to protect your users privacy
            app.UseIENoOpen(); // don't allow old ie to open files in the context of your site
            app.UseNoMimeSniff(); // prevent MIME sniffing https://en.wikipedia.org/wiki/Content_sniffing
            app.UseCrossSiteScriptingFilters(); //add headers to have the browsers auto detect and block some xss attacks
            ...
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

Getting started

  • Install the nuget package Install-Package HardHat -Pre
  • Add the middleware you desire to your configure block.
Reference in New Issue View Git Blame Copy Permalink
Description
Help secure .net core apps with various HTTP headers (such as CSP's)
asp-net-corecontent-security-policymiddlewarepublic-key-pinningsecurity
Readme 616 KiB
Languages
C# 86.5%
HTML 12.2%
CSS 0.8%
JavaScript 0.5%