Lib.AspNetCore.Security Versions Save

Bug Fixes

• Fixed formatting for scheme source by @Den-dp in https://github.com/tpeczek/Lib.AspNetCore.Security/pull/34

New Contributors

• @Den-dp made their first contribution in https://github.com/tpeczek/Lib.AspNetCore.Security/pull/34

Full Changelog: https://github.com/tpeczek/Lib.AspNetCore.Security/compare/v3.2.0...v3.2.1

Additions and Changes

• Added support for ASP.NET Core 3.1
• Added support for ASP.NET Core 5.0
• Added support for endpoint routing
• Added support for Permissions Policy
• Marked Feature Policy as obsolete

Additions and Changes

• Added capability to compute Content Security Policy hash through IContentSecurityPolicyInlineExecutionFeature

Additions and Changes

• Added support for Clear Site Data through IServiceCollection.AddClearSiteDataAuthentication, TargetedSiteDataClearingMiddleware and ClearSiteDataHeaderValue

Additions and Changes

• Added support for Feature-Policy through SecurityHeadersMiddleware, SingleFeaturePolicyHeaderValue and MultipleFeaturePolicyHeaderValue

Additions and Changes

• Added support for X-Permitted-Cross-Domain-Policies through SecurityHeadersMiddleware and XPermittedCrossDomainPoliciesHeaderValue
• Added support for SHA-384 and SHA-512 hashes in Content Security Policy
• Added ContentSecurityPolicySourceListBuilder which provides methods for building Content Security Policy source list

Bug Fixes

• Adjusted nonce generation to specification

Additions and Changes

• Added support for Referrer-Policy through SecurityHeadersMiddleware and ReferrerPolicyHeaderValue
• Added support for X-Frame-Options through SecurityHeadersMiddleware, XFrameOptionsAttribute and XFrameOptionsHeaderValue
• Added support for X-XSS-Protection through SecurityHeadersMiddleware, XXssProtectionAttribute and XXssProtectionHeaderValue
• Added support for X-Content-Type-Options through SecurityHeadersMiddleware
• Added support for X-Download-Options through SecurityHeadersMiddleware
• Added support for block-all-mixed-content directive in Content Security Policy
• Added support for upgrade-insecure-requests directive in Content Security Policy
• Added support for require-sri-for directive in Content Security Policy
• Added support for plugin-types directive in Content Security Policy
• Added support for worker-src directive in Content Security Policy
• Added support for frame-src directive in Content Security Policy
• Added support for Content Security Policy reporting through ISecurityHeadersReportingService, ContentSecurityPolicyReportingMiddleware and ContentSecurityPolicyViolationReport
• Added support for hashes caching in Content Security Policy tag helper
• Added HttpResponseHeadersExtensions which provides methods for directly setting headers on response

Additions and Changes

• Introduced Lib.AspNetCore.Security with SecurityHeadersMiddleware to centralize security headers support. Initial support includes HSTS, CSP and Expect-CT
• Removed RequireHstsAttribute as HSTS support is now provided by SecurityHeadersMiddleware
• Removed ContentSecurityPolicyAttribute as CSP support is now provided by SecurityHeadersMiddleware (CSP tag helper and html helper now depend on SecurityHeadersMiddleware)
• Added ExpectCtReportingMiddleware, ExpectCtViolationReport and ISecurityHeadersReportingService for supporting Expect-CT violation reports
• Added ContentSecurityPolicyHeaderValue, StrictTransportSecurityHeaderValue and ExpectCtHeaderValue for low level headers support

Additions and Changes

• Added Tag Helper for Content Security Policy Level 2 support