Improvements to security

ELYPSIARECORDS · Sep 1, 2017 · e6734ce · e6734ce
1 parent 09c27ff
commit e6734ce
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # ASP.NET Core Photo Gallery 
 
-A photo gallery site implemented in ASP.NET Core 2.0.
+A photo gallery site implemented in ASP.NET Core 2.0 Razor Pages.
 
 **Demo website**: <https://gallerytemplate.azurewebsites.net/>
 

diff --git a/src/Pages/_Layout.cshtml b/src/Pages/_Layout.cshtml
@@ -29,7 +29,7 @@
 
     <footer>
         <p class="container">
-            Fork me on <a href="https://github.com/madskristensen/PhotoGallery" target="_blank" title="See the source code">GitHub</a>
+            Fork me on <a href="https://github.com/madskristensen/PhotoGallery" target="_blank" rel="noreferrer" title="See the source code">GitHub</a>
             @{await Html.RenderPartialAsync("_LoginButton.cshtml");}
         </p>
     </footer>

diff --git a/src/Pages/_ViewStart.cshtml b/src/Pages/_ViewStart.cshtml
@@ -5,7 +5,7 @@
     Context.Response.Headers["Content-Security-Policy"] = $"object-src 'none'; form-action 'self'";
     Context.Response.Headers["X-XSS-Protection"] = "1; mode=block";
     Context.Response.Headers["Referrer-Policy"] = "no-referrer-when-downgrade";
-    //Context.Response.Headers["X-Frame-Options"] = "DENY"; // Uncomment this line
+    Context.Response.Headers["X-Frame-Options"] = "ALLOW-FROM https://www.responsinator.com/"; // Should be set to "DENY"
 
     if (Context.Request.IsHttps)
     {