How does the configuration priority work?

It uses a three-tier system: hardcoded defaults are applied first, followed by appsettings.json overrides, and finally lambda configuration in Program.cs as the highest priority.

What security headers are supported by this skill?

It supports HSTS, X-Frame-Options, X-Content-Type-Options, Referrer Policy, and Content Security Policy (CSP).

Can I set different CORS policies for development and production?

Yes, the skill supports environment-specific CORS settings using the isDev flag passed to the AddApiServices method.

What should I do if my CORS preflight fails?

Ensure your AllowedOrigins include the exact protocol and port, check that AllowedMethods includes the HTTP verb, and verify AllowCredentials is true if using authentication.

Web API Security Configuration

Name: Web API Security Configuration
Author: affolterNET

byaffolterNET

0•

보안 및 테스팅

Configures security headers, CORS policies, and hierarchical API options for affolterNET.Web applications.

This skill provides a standardized approach to securing .NET Web APIs using the affolterNET framework. It streamlines the implementation of essential security headers like HSTS and CSP, manages Cross-Origin Resource Sharing (CORS) policies, and utilizes a hierarchical configuration pattern to ensure robust, production-ready application settings. It is particularly useful for developers who need to implement consistent security practices across their .NET services while maintaining flexibility through the IConfigurableOptions pattern, allowing for overrides via appsettings or code.

주요 기능

01Development-specific configuration toggles for easier debugging

02Automated Security Header Configuration including HSTS and X-Frame-Options

03Comprehensive CORS policy management for multi-origin environments

04Customizable Content Security Policy (CSP) for API protection

05Three-tier hierarchical configuration pattern for flexible settings

060 GitHub stars

사용 사례

01Configuring complex CORS policies for multi-tenant or multi-frontend environments

02Setting up production-grade security headers and HSTS for a new .NET Web API

03Overriding default API behaviors using the high-priority lambda configuration pattern

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add affolternet/affolternet.web security

For use in Claude.ai and ChatGPT

Download Skill