{"id":32440519,"url":"https://github.com/marthijn/sidio.web.security","last_synced_at":"2025-10-26T01:47:56.431Z","repository":{"id":253367812,"uuid":"837109347","full_name":"marthijn/Sidio.Web.Security","owner":"marthijn","description":"Helper functions and middleware to secure ASP.NET Core applications","archived":false,"fork":false,"pushed_at":"2025-10-21T07:00:35.000Z","size":1301,"stargazers_count":3,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-21T09:09:08.836Z","etag":null,"topics":["asp-net-core","content-security-policy","http","security","web-security"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/marthijn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-02T08:28:19.000Z","updated_at":"2025-10-21T07:00:32.000Z","dependencies_parsed_at":"2025-01-14T15:55:57.160Z","dependency_job_id":"85704b64-1a58-4c4c-b1ad-78e609b4203c","html_url":"https://github.com/marthijn/Sidio.Web.Security","commit_stats":null,"previous_names":["marthijn/sidio.web.security"],"tags_count":20,"template":false,"template_full_name":null,"purl":"pkg:github/marthijn/Sidio.Web.Security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marthijn%2FSidio.Web.Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marthijn%2FSidio.Web.Security/tags","releases_url":"https://re
pos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marthijn%2FSidio.Web.Security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marthijn%2FSidio.Web.Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/marthijn","download_url":"https://codeload.github.com/marthijn/Sidio.Web.Security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/marthijn%2FSidio.Web.Security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281047795,"owners_count":26435124,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-25T02:00:06.499Z","response_time":81,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asp-net-core","content-security-policy","http","security","web-security"],"created_at":"2025-10-26T01:47:54.930Z","updated_at":"2025-10-26T01:47:56.423Z","avatar_url":"https://github.com/marthijn.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ASP.NET Core web security\n\n# Goal of this project\nThe goal of this project is to provide a set of services, helper functions and middleware that can be used to secure an ASP.NET Core application.\nAll features are based on the [Mozilla Web Security Guidelines](https://infosec.mozilla.org/guidelines/web_security).\n\n# Packages\n## 
Sidio.Web.Security.AspNetCore\n[Sidio.Web.Security.AspNetCore](https://www.nuget.org/packages/Sidio.Web.Security.AspNetCore/) provides the ASP.NET Core services and middleware. The project targets .NET 8.0 and higher.\n\n[![build](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml/badge.svg)](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml)\n[![NuGet Version](https://img.shields.io/nuget/v/Sidio.Web.Security.AspNetCore)](https://www.nuget.org/packages/Sidio.Web.Security.AspNetCore/)\n\n## Sidio.Web.Security.Testing\n[Sidio.Web.Security.Testing](https://www.nuget.org/packages/Sidio.Web.Security.AspNetCore.Mvc/) provides testing \nfunctionality that can be used to verify that the security headers are set correctly.\n\n[![build](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml/badge.svg)](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml)\n[![NuGet Version](https://img.shields.io/nuget/v/Sidio.Web.Security.Testing)](https://www.nuget.org/packages/Sidio.Web.Security.Testing/)\n\n## .NET Framework support: Sidio.Web.Security\n[Sidio.Web.Security](https://www.nuget.org/packages/Sidio.Web.Security/) provides the core functionality and can be used in projects targeting .NET Standard 2.0.\nUse this package if .NET Framework is still in use. Otherwise, use [Sidio.Web.Security.AspNetCore](https://www.nuget.org/packages/Sidio.Web.Security.AspNetCore/).\nNote that this package does not contain the middleware and services that are provided by the ASP.NET Core package. 
Feel free to make a contribution to this project or a fork\ntargeting .NET Framework.\n\n[![build](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml/badge.svg)](https://github.com/marthijn/Sidio.Web.Security/actions/workflows/build.yml)\n[![NuGet Version](https://img.shields.io/nuget/v/Sidio.Web.Security)](https://www.nuget.org/packages/Sidio.Web.Security/)\n\n## Code quality\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=marthijn_Sidio.Web.Security\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=marthijn_Sidio.Web.Security)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=marthijn_Sidio.Web.Security\u0026metric=coverage)](https://sonarcloud.io/summary/new_code?id=marthijn_Sidio.Web.Security)\n\n# Documentation\nSee the [wiki docs](https://github.com/marthijn/Sidio.Web.Security/wiki/HTTP-headers).\n\n# Features\n## HTTP headers\n- Content-Security-Policy: [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/Content%E2%80%90Security%E2%80%90Policy)\n- Referrer-Policy: [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/Referrer%E2%80%90Policy)\n- Report-To: [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/Report%E2%80%90To)\n- Strict-Transport-Security (HSTS): [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/Strict%E2%80%90Transport%E2%80%90Security-(HSTS))\n- X-Content-Type-Options: [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/X%E2%80%90Content%E2%80%90Type%E2%80%90Options)\n- X-Frame-Options: [docs](https://github.com/marthijn/Sidio.Web.Security/wiki/X%E2%80%90Frame%E2%80%90Options)\n\nRead more in the [wiki docs](https://github.com/marthijn/Sidio.Web.Security/wiki/HTTP-headers).\n\n### Example\n```csharp\nbuilder.Services\n    .AddContentSecurityPolicy();\n```\n\n```csharp\napp.UseXFrameOptions();\napp.UseXContentTypeOptions();\napp.UseStrictTransportSecurity();\napp.UseContentSecurityPolicy(\n    (services, b) 
=\u003e\n    {\n        b.AddDefaultSrc(x =\u003e x.AllowSelf());\n        b.AddScriptSrc(x =\u003e x.AddNonce(services).AllowUnsafeInline().AllowUrl(\"https://cdn.example.com\"));\n        b.AddStyleSrc(x =\u003e x.AddNonce(services));\n    });\n```\n\nSee [getting started](https://github.com/marthijn/Sidio.Web.Security/wiki/Getting-started) and\nthe [recommended ASP.NET Core configuration](https://github.com/marthijn/Sidio.Web.Security/wiki/Recommended-configuration-for-ASP.NET-Core).\n\n### Reporting API\nThe reporting API can be used to report violations of the Content Security Policy.\nRead more in the [wiki docs](https://github.com/marthijn/Sidio.Web.Security/wiki/Reporting-API).\n\n## Default policies\n- A [secure cookie policy](https://github.com/marthijn/Sidio.Web.Security/wiki/Cookies)\n\n## Testing\nThe package [Sidio.Web.Security.Testing](https://www.nuget.org/packages/Sidio.Web.Security.AspNetCore.Mvc/) provides a set of functions that can be used to test\nthe security configuration of an ASP.NET Core application. [Read more](https://github.com/marthijn/Sidio.Web.Security/wiki/Testing).\n\n# Contributions\nContributions are welcome! Feel free to create a pull request or an issue.\n\n# License\nThis project is licensed under the [MIT License](LICENSE).\n\nTexts used in this project (including this readme, the code documentation and wiki pages) may come from, or be based on, the [MDN Web Docs](https://developer.mozilla.org/en-US/docs/MDN/).\nDocumentation by [Mozilla Contributors](https://developer.mozilla.org/en-US/docs/MDN/Community/Roles_teams#contributor) is licensed under [CC-BY-SA 2.5](https://creativecommons.org/licenses/by-sa/2.5/).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarthijn%2Fsidio.web.security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarthijn%2Fsidio.web.security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarthijn%2Fsidio.web.security/lists"}