public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// set Server
app.UseServerHeader();
// set Powered by
app.UsePoweredBy();
// set No Mime Sniff
app.UseNoMimeSniff();
// set Referrer policy
app.UseReferrerPolicy(ReferrerPolicy.NoReferrer);
// set Frame guard
app.UseFrameGuard(new FrameGuardOptions(FrameGuard.SameOrigin));
// set XSS protection
app.UseXssProtection(XssProtection.EnabledWithBlock);
// or just forget all settings and use default pipeline :)
app.UseDaifuku();
// pipeline stuff below is not set in UseDaifuku
// ---------------------------------------------
// do we use HTTPS?
//var options = new RewriteOptions().AddRedirectToHttpsPermanent();
//app.UseRewriter(options);
app.UseHsts();
// configure domain redirects
app.RedirectDomains(new Dictionary<string, string>
{
{ "daifu.ku", "www.daifu.ku" },
{ "test.azurewebsites.net", "www.daifu.ku" },
});
// set custom header
app.UseCustomHeader("X-Overlord", "Daifuku");
// set Content Security Policy
app.UseContentSecurityPolicy(
new ContentSecurityPolicyBuilder()
.WithDefaultSource(CspConstants.Self)
.WithImageSource("http://blobs.daifu.ku")
.WithFontSource(CspConstants.Self)
.WithFrameAncestors(CspConstants.None)
.WithMediaSource(CspConstants.Schemes.MediaStream)
.BuildPolicy());
// set Expect CT
app.UseExpectCt(86400, "https://daifu.ku/report");
// set Feature Policy
app.UseFeaturePolicy(new FeaturePolicyBuilder()
.WithAutoplay(CspConstants.Self)
.WithAutoplay("http://*.daifu.ku")
.WithGeolocation(CspConstants.None)
.BuildPolicy());
// set healhtz endpoint
app.UseHealthz(); // default path is /healthz
Adds CSS classes in HTML element.
<!-- razor -->
<div class="foundation" add-css-class-foo="42 % 2 == 0" add-css-class-bar="42 % 2 != 0">content</div>
<!-- html -->
<div class="foundation foo">content</div>
Adds display name attribute into content of HTML element.
class ComicGirl
{
[Display(Name = "Abababa")]
public string Moeta { get; set; }
public int Something { get; set; }
}
<!-- razor -->
@model ComicGirl
<span asp-display-name-for="Moeta"></span>
<span asp-display-name-for="Something"></span>
<!-- html -->
<span>Abababa</span>
<span>Something</span>
Display Markdown converted to html using Markdig.
<markdown>
Learn how to build ASP.NET apps that can run anywhere now @DateTime.Now
[Learn More](https://go.microsoft.com/fwlink/?LinkID=525028&clcid=0x409){class="btn btn-default"}
</markdown>
Or using model
@{
var markdown = "And so on...";
}
<markdown markdown="@markdown"></markdown>
Simple service returning a current time for a given timezone or UTC if not set.
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<IUniversalTimeConfiguration>(new UniversalTimeConfiguration("Central European Standard Time"));
services.AddUniversalTime();
// or
services.AddUniversalTime("Central European Standard Time");
// or
services.AddUniversalTime(); // default is UTC time
// or
services.AddUniversalTime(TimeZoneInfo.Local); // provide directly TimeZoneInfo
}
Inject anywhere
public Ctor(IUniversalTime universalTime)
{
var now = universalTime.Now;
}
As long as IIS injects some headers you can clean up headers configuring your web.config
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
</customHeaders>
<redirectHeaders>
<clear />
</redirectHeaders>
</httpProtocol>
</system.webServer>
</configuration>
HTTP headers @ MDN web docs moz://a
MIT © frohikey / Goto10 s.r.o.