Hello,
I am using .NET Core 2.2 - MVC Framework. I had but this security code which works well in dev, but in prod it does not seem to read the jquery lib and throws off the whole page. if I remove it, the app works fine in dev and prod.
Code
Startup.cs
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts(); //commented 2019.10.28 for deployment purposes
}
//******* this enables the deployed code website not to read jquery. ok in dev
//app.Use(async (context, next) =>
//{
// context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
// context.Response.Headers.Add("X-Frame-Options", "DENY");
// context.Response.Headers.Add("X-Xss-Protection", "1; mode=block");
// context.Response.Headers.Add("Content-Security-Policy",
// "script-src 'self'; " +
// "style-src 'self'; " +
// "img-src 'self'");
// await next();
//});
Please advise.
thanks,
tinac99