Add security headers for enhanced protection

shahabganji · linkdotnet · commit d05fa7452985 · 2025-09-06T21:36:14.000+02:00
Integrated `NetEscapades.AspNetCore.SecurityHeaders` to enforce default and API-specific security header policies. Updated `Program.cs` to define and use the new security header configurations. Modified project files and dependencies to reference the necessary package for implementation. These updates improve application security against common vulnerabilities.
diff --git a/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj b/src/LinkDotNet.Blog.Web/LinkDotNet.Blog.Web.csproj
@@ -19,6 +19,7 @@
 			<PrivateAssets>all</PrivateAssets>
 		</PackageReference>
 		<PackageReference Include="Microsoft.Extensions.Options"/>
+		<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders"/>
 		<PackageReference Include="ReverseMarkdown"/>
 		<PackageReference Include="System.ServiceModel.Syndication"/>
 	</ItemGroup>
diff --git a/src/LinkDotNet.Blog.Web/Program.cs b/src/LinkDotNet.Blog.Web/Program.cs
@@ -6,6 +6,7 @@
 using LinkDotNet.Blog.Web.RegistrationExtensions;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Diagnostics.HealthChecks;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 
 namespace LinkDotNet.Blog.Web;
@@ -25,6 +26,10 @@ public static async Task Main(string[] args)
 
     private static void RegisterServices(WebApplicationBuilder builder)
     {
+        builder.Services.AddSecurityHeaderPolicies()
+            .SetDefaultPolicy(p => p.AddDefaultSecurityHeaders())
+            .AddPolicy("API", p => p.AddDefaultApiSecurityHeaders());
+
         builder.Services
             .AddHostingServices()
             .AddConfiguration()
@@ -49,6 +54,8 @@ private static void RegisterServices(WebApplicationBuilder builder)
 
     private static void ConfigureApp(WebApplication app)
     {
+        app.UseSecurityHeaders();
+
         if (app.Environment.IsDevelopment())
         {
             app.UseDeveloperExceptionPage();
