Update packages

swiss-ssi-group · Dec 11, 2024 · c484386 · c484386
1 parent 09545f3
commit c484386
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 24 deletions.
diff --git a/EmployeePaycheck/EmployeePaycheck.csproj b/EmployeePaycheck/EmployeePaycheck.csproj
@@ -12,8 +12,8 @@
     <PackageReference Include="Microsoft.Identity.Web.UI" Version="3.5.0" />
     <PackageReference Include="Microsoft.Extensions.Localization" Version="9.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="9.0.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.24.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="0.24.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.0.0-preview.2" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.0.0-preview.2" />
   </ItemGroup>
 
 </Project>
diff --git a/EmployeePaycheck/Program.cs b/EmployeePaycheck/Program.cs
@@ -9,6 +9,10 @@ public static void Main(string[] args)
     {
         var builder = WebApplication.CreateBuilder(args);
 
+        builder.Services.AddSecurityHeaderPolicies()
+            .SetPolicySelector(ctx => SecurityHeadersDefinitions
+                .GetHeaderPolicyCollection(builder.Environment.IsDevelopment()));
+
         builder.Services.AddScoped<VerifierService>();
         builder.Services.AddScoped<ValidateUserAndPaycheckIdService>();
 
@@ -29,9 +33,7 @@ public static void Main(string[] args)
 
         var app = builder.Build();
 
-        app.UseSecurityHeaders(
-            SecurityHeadersDefinitions.GetHeaderPolicyCollection(
-                app.Environment.IsDevelopment()));
+        app.UseSecurityHeaders();
 
         if (!app.Environment.IsDevelopment())
         {
@@ -40,7 +42,7 @@ public static void Main(string[] args)
         }
 
         app.UseHttpsRedirection();
-        app.UseStaticFiles();
+        app.MapStaticAssets();
 
         app.UseRouting();
 

diff --git a/EmployeePaycheck/SecurityHeadersDefinitions.cs b/EmployeePaycheck/SecurityHeadersDefinitions.cs
@@ -2,9 +2,18 @@ namespace EmployeePaycheck;
 
 public static class SecurityHeadersDefinitions
 {
+    private static HeaderPolicyCollection? policy;
+
     public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
     {
-        var policy = new HeaderPolicyCollection()
+        // Avoid building a new HeaderPolicyCollection on every request for performance reasons.
+        // Where possible, cache and reuse HeaderPolicyCollection instances.
+        if (policy != null)
+        {
+            return policy;
+        }
+
+        policy = new HeaderPolicyCollection()
             .AddFrameOptionsDeny()
             .AddContentTypeOptionsNoSniff()
             .AddReferrerPolicyStrictOriginWhenCrossOrigin()
@@ -23,23 +32,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
                 builder.AddScriptSrc().UnsafeInline().WithNonce();
                 builder.AddFrameAncestors().None();
             })
-            .AddPermissionsPolicy(builder =>
-            {
-                builder.AddAccelerometer().None();
-                builder.AddAutoplay().None();
-                builder.AddCamera().None();
-                builder.AddEncryptedMedia().None();
-                builder.AddFullscreen().All();
-                builder.AddGeolocation().None();
-                builder.AddGyroscope().None();
-                builder.AddMagnetometer().None();
-                builder.AddMicrophone().None();
-                builder.AddMidi().None();
-                builder.AddPayment().None();
-                builder.AddPictureInPicture().None();
-                builder.AddSyncXHR().None();
-                builder.AddUsb().None();
-            });
+            .AddPermissionsPolicyWithDefaultSecureDirectives();
 
         if (!isDev)
         {