This content originally appeared on DEV Community and was authored by Rebin
Introduction
HTTP security headers are a crucial part of web applications: they help protect against a variety of attacks, such as cross-site scripting, clickjacking and other script attacks. Configuring HTTP security headers is frequently forgotten by developers! I recently checked my blog on securityheaders.com and the results indicated that HTTP security headers were not configured, so I decided to add some HTTP security headers to my Azure Static Web Apps.
Recommended HTTP security headers
Strict-Transport-Security
Content-Security-Policy
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Content-Type-Options
Permissions-Policy
Configure HTTP security headers
You can create a JSON file called staticwebapp.config.json in the root of the website, put the configuration below in it, then deploy it to your Azure Static Web App host.
{
  "globalHeaders": {
    "content-security-policy": "frame-ancestors 'self'; upgrade-insecure-requests",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Permitted-Cross-Domain-Policies": "none",
    "Referrer-Policy": "no-referrer",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "autoplay=()"
  }
}
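A pre-deployment check for the file above, as an added example that is not part of the original post: it parses the content of staticwebapp.config.json, compares globalHeaders against the recommended list from this page, and reports missing headers or JSON that fails to parse. The function name audit_global_headers and the embedded sample are assumptions made for illustration.

```python
import json

# Header names from this page's "Recommended HTTP security headers" list.
RECOMMENDED = [
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Permitted-Cross-Domain-Policies",
    "X-Content-Type-Options",
    "Permissions-Policy",
]


def audit_global_headers(config_text):
    """Return a list of findings for the globalHeaders block (hypothetical helper)."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError as exc:
        # Typical cause: a header value broken across two lines inside its quotes.
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    headers = config.get("globalHeaders") if isinstance(config, dict) else None
    if not isinstance(headers, dict):
        return ["no globalHeaders object found"]
    # HTTP header names are case-insensitive, so compare in lower case.
    present = {name.lower(): value for name, value in headers.items()}
    findings = [f"missing: {n}" for n in RECOMMENDED if n.lower() not in present]
    # "nosniff" is the only value defined for X-Content-Type-Options.
    xcto = present.get("x-content-type-options")
    if xcto is not None and str(xcto).strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options should be 'nosniff'")
    return findings


# Constructed sample: the header set from the configuration above.
SAMPLE = """{
  "globalHeaders": {
    "content-security-policy": "frame-ancestors 'self'; upgrade-insecure-requests",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Permitted-Cross-Domain-Policies": "none",
    "Referrer-Policy": "no-referrer",
    "X-Content-Type-Options": "nosniff",
    "Permissions-Policy": "autoplay=()"
  }
}"""

if __name__ == "__main__":
    for finding in audit_global_headers(SAMPLE) or ["all recommended headers present"]:
        print(finding)
```

Run against the header set shown above, it reports Strict-Transport-Security as missing, because that header is in the recommended list but not in the configuration.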
Rebin | Sciencx (2021-09-06T19:48:08+00:00) Configure HTTP security response headers for Azure Static Web Apps. Retrieved from https://www.scien.cx/2021/09/06/configure-http-security-response-headers-for-azure-static-web-apps/