Hi,
I am working on some .NET 6 REST APIs and using your middleware for the sake of consistent ProblemDetails on errors.
We have strict requirements to follow ASVS recommendations when it comes to HTTP response headers. So we need to add some like "Referrer-Policy", "X-Content-Type-Options", "X-Frame-Options" and so on.
Then I found out that this middleware strips out all our custom headers. After that I managed to make it work again by adding those headers to the AllowedHeaderNames set.
I don't get why the middleware removes all headers by default (except for some pre-defined ones). Could you please explain?
Thanks
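
An added example, not part of the original issue and not the middleware's own code: one way to keep the headers named above on error responses is to set them in a `Response.OnStarting` callback, which runs after any later middleware has cleared the response. The header values, the `/fail` route and the stand-in error handler are assumptions for illustration; the project is assumed to use the .NET 6 web SDK with implicit usings.

```csharp
// Program.cs (.NET 6 minimal hosting). Illustrative only.
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Header names come from the issue; the values are assumed examples.
var securityHeaders = new Dictionary<string, string>
{
    ["Referrer-Policy"] = "no-referrer",
    ["X-Content-Type-Options"] = "nosniff",
    ["X-Frame-Options"] = "DENY",
};

// Registered first so it wraps everything after it, including error handling.
app.Use(async (context, next) =>
{
    // OnStarting fires just before the headers are sent, so the values are
    // applied after a later middleware has cleared or rebuilt the response.
    context.Response.OnStarting(() =>
    {
        foreach (var (name, value) in securityHeaders)
        {
            context.Response.Headers[name] = value;
        }
        return Task.CompletedTask;
    });
    await next(context);
});

// Stand-in (hypothetical) for an error-handling middleware that drops
// whatever headers were set before the exception was thrown.
app.Use(async (context, next) =>
{
    try { await next(context); }
    catch (Exception) when (!context.Response.HasStarted)
    {
        context.Response.Clear(); // resets status code, headers and body
        context.Response.StatusCode = StatusCodes.Status500InternalServerError;
        await context.Response.WriteAsJsonAsync(
            new { title = "Internal Server Error", status = 500 },
            options: null, contentType: "application/problem+json");
    }
});

// Constructed endpoint that always fails, to exercise the error path.
app.MapGet("/fail", string () => throw new InvalidOperationException("constructed failure"));

app.Run();
```

Requesting `/fail` should return the 500 body with all three headers present, which is the check to repeat against the real error-handling middleware in an integration test.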