我需要在API的Azure功能应用程序的响应头中发送HSTS头(而不是web应用程序(。我可以添加具有必需选项的HSTS,但无法使用useHSTS,如下所示。
public override void Configure(IFunctionsHostBuilder builder)
{
....
builder.Services.AddHsts(options =>
{
options.Preload = true;
options.IncludeSubDomains = true;
options.MaxAge = TimeSpan.FromDays(365);
});
....
}
Startup.cs文件不允许我使用参数为IApplicationBuilder的Configure方法。
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
}
任何在回复中获得HSTS标题的建议都将不胜感激!
请检查https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook?tabs=in-进程%2Functionsv2&pivots=编程语言csharp#hostjson设置
在host.json 中
{
"version": "2.0",
...
},
"extensions": {
"http": {
"routePrefix": "api",
"hsts": {
"isEnabled": true,
"includeSubDomains": true,
"maxAge": "365"
},
"customHeaders": {
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"X-XSS-Protection": "1; mode=block"
}
}
}
}