Add security headers middleware (#536)

Co-authored-by: Hammerbeck <[email protected]>
Altinn · Sep 2, 2024 · 1cd468f · 1cd468f
1 parent c5d669f
commit 1cd468f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/src/Altinn.Broker.API/Helpers/SecurityHeadersMiddleware.cs b/src/Altinn.Broker.API/Helpers/SecurityHeadersMiddleware.cs
@@ -0,0 +1,19 @@
+using Microsoft.Extensions.Primitives;
+
+public class SecurityHeadersMiddleware
+{
+    private readonly RequestDelegate _next;
+
+    public SecurityHeadersMiddleware(RequestDelegate next)
+    {
+        _next = next;
+    }
+
+    public async Task InvokeAsync(HttpContext context)
+    {
+        context.Response.Headers.Append("X-Content-Type-Options", new StringValues("nosniff"));
+        context.Response.Headers.Append("Cache-Control", new StringValues("no-store"));
+
+        await _next(context);
+    }
+}
diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs
@@ -69,6 +69,7 @@ static void BuildAndRun(string[] args)
 
     var app = builder.Build();
     app.UseMiddleware<RequestLoggingMiddleware>();
+    app.UseMiddleware<SecurityHeadersMiddleware>();
     app.UseSerilogRequestLogging();
 
     if (app.Environment.IsDevelopment())