How does the configuration hierarchy work in affolterNET?

It follows a three-tier pattern where constructor defaults are overridden by appsettings.json values, which are subsequently overridden by lambda-based code configuration.

What should I do if a CSP blocks my API resources?

You can use this skill to review browser console violation reports and then add the required sources to the appropriate CSP directive within your appsettings.json.

Does this skill support custom authentication providers?

Yes, it includes configuration patterns for the AuthProviderOptions section to manage various authentication modes.

Which security headers does this skill help configure?

This skill supports the configuration of HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Content-Security-Policy (CSP).

Can I configure different CORS settings for local development?

Yes, the skill utilizes an isDev flag passed to AddApiServices to handle more permissive CORS settings during development compared to production.

Web API Security & CORS Management

Name: Web API Security & CORS Management
Author: Mcafee123

byMcafee123

0•

API 개발

Configures security headers, CORS policies, and the IConfigurableOptions pattern for affolterNET.Web.Api applications.

This skill empowers Claude to efficiently secure .NET Web APIs using the affolterNET framework by automating the setup of essential security headers, CORS policies, and configuration patterns. It enables developers to implement HSTS, Content Security Policy (CSP), and fine-grained cross-origin access controls through a hierarchical configuration system. Whether you are hardening a production environment or managing development-specific overrides, this skill provides the implementation patterns and troubleshooting steps necessary for robust API security and compliant header management.

주요 기능

01Automated security header configuration (HSTS, CSP, XFO)

020 GitHub stars

03Implementation of the three-tier IConfigurableOptions pattern

04Granular CORS policy management via JSON or code

05Troubleshooting guides for CSP violations and CORS preflight issues

06Environment-aware security settings for development vs. production

사용 사례

01Applying tiered configuration overrides to maintain environment-specific security profiles

02Hardening a .NET API against XSS, clickjacking, and MIME-sniffing attacks

03Managing cross-origin access for modern frontend SPAs and administrative dashboards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mcafee123/affolternet.web security

For use in Claude.ai and ChatGPT

Download Skill