Response 헤더에 노출되는 값 제거
1. Web.config
<?xml version="1.0" encoding="utf-8"?>
<!-- IIS site configuration for an ASP.NET Core app hosted in-process (hostingModel below).
     Besides registering the ASP.NET Core module, it limits the HTTP verbs dispatched to the app
     and removes the X-Powered-By and Server response headers so IIS does not advertise
     its platform in every response. This only reduces fingerprinting. -->
<configuration>
  <!-- To customize the asp.net core module uncomment and edit the following section.
  For more info see https://go.microsoft.com/fwlink/?linkid=838655 -->
  <system.webServer>
    <handlers>
      <!-- Re-register the ASP.NET Core module so that only HEAD, GET and POST are mapped to it. -->
      <remove name="aspNetCore" />
      <add name="aspNetCore" path="*" verb="HEAD,GET,POST" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      <!-- Verbs that could be listed in the verb attribute above: GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS.
           NOTE(review): with OPTIONS left out, CORS preflight requests are not mapped to the app, and
           endpoints that rely on PUT, DELETE or PATCH are not either. Confirm the app needs none of them. -->
      <!-- Remove the built-in handlers for extensionless URLs, OPTIONS, TRACE and WebDAV. -->
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <remove name="WebDAV" />
    </handlers>
    <!-- %LAUNCHER_PATH% and %LAUNCHER_ARGS% are placeholders, presumably substituted at publish time
         (verify in the published output). stdout logging is switched off. -->
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
    <httpProtocol>
      <customHeaders>
        <!-- Drops the X-Powered-By custom header inherited from the server-level IIS configuration. -->
        <remove name="x-powered-by" />
      </customHeaders>
    </httpProtocol>
    <security>
      <requestFiltering removeServerHeader="true" />
      <!-- Removes Server header in IIS10 or later and also in Azure Web Apps -->
      <!-- NOTE(review): removeServerHeader is not part of the configuration schema on IIS versions
           before 10; verify the target server version before deploying this file. -->
    </security>
  </system.webServer>
</configuration>
2. Startup.cs
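#region Security Headers
// Inline middleware that stamps a fixed set of security headers on the response
// before handing the request to the rest of the pipeline. Middleware registered
// ahead of this one that short-circuits the request will not get these headers,
// so register it early in Configure.
app.Use(async (context, next) =>
{
    var headers = context.Response.Headers;

    // The indexer overwrites any value already present. Headers.Add throws an
    // ArgumentException when the same header was set earlier in the pipeline,
    // which would turn a duplicate registration into a failed request.
    headers["X-Frame-Options"] = "DENY";

    // NOTE(review): X-XSS-Protection is a legacy header. Browsers that removed
    // their built-in XSS filter ignore it, and current OWASP guidance is to send
    // "0" or to rely on a Content-Security-Policy instead. Value kept as the
    // author wrote it; confirm which browsers must be supported before changing it.
    headers["X-Xss-Protection"] = "1; mode=block";

    headers["X-Content-Type-Options"] = "nosniff";
    headers["X-Permitted-Cross-Domain-Policies"] = "none";
    headers["Referrer-Policy"] = "no-referrer";

    await next.Invoke();

    // ... remainder of the middleware was elided in the original snippet ...
});
#endregion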
https://blog.elmah.io/the-asp-net-core-security-headers-guide/