How does the configuration hierarchy work in affolterNET?

It follows a three-tier pattern where constructor defaults are overridden by appsettings.json values, which are subsequently overridden by lambda-based code configuration.

What should I do if a CSP blocks my API resources?

You can use this skill to review browser console violation reports and then add the required sources to the appropriate CSP directive within your appsettings.json.

Does this skill support custom authentication providers?

Yes, it includes configuration patterns for the AuthProviderOptions section to manage various authentication modes.

Which security headers does this skill help configure?

This skill supports the configuration of HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Content-Security-Policy (CSP).

Can I configure different CORS settings for local development?

Yes, the skill utilizes an isDev flag passed to AddApiServices to handle more permissive CORS settings during development compared to production.

Web API Security & CORS Management

Name: Web API Security & CORS Management
Author: Mcafee123

byMcafee123

API 개발

Configures security headers, CORS policies, and the IConfigurableOptions pattern for affolterNET.Web.Api applications.

소개

This skill empowers Claude to efficiently secure .NET Web APIs using the affolterNET framework by automating the setup of essential security headers, CORS policies, and configuration patterns. It enables developers to implement HSTS, Content Security Policy (CSP), and fine-grained cross-origin access controls through a hierarchical configuration system. Whether you are hardening a production environment or managing development-specific overrides, this skill provides the implementation patterns and troubleshooting steps necessary for robust API security and compliant header management.

주요 기능

Automated security header configuration (HSTS, CSP, XFO)
0 GitHub stars
Implementation of the three-tier IConfigurableOptions pattern
Granular CORS policy management via JSON or code
Troubleshooting guides for CSP violations and CORS preflight issues
Environment-aware security settings for development vs. production

사용 사례

Applying tiered configuration overrides to maintain environment-specific security profiles
Hardening a .NET API against XSS, clickjacking, and MIME-sniffing attacks
Managing cross-origin access for modern frontend SPAs and administrative dashboards

소개

주요 기능

Automated security header configuration (HSTS, CSP, XFO)
0 GitHub stars
Implementation of the three-tier IConfigurableOptions pattern
Granular CORS policy management via JSON or code
Troubleshooting guides for CSP violations and CORS preflight issues
Environment-aware security settings for development vs. production

사용 사례

Applying tiered configuration overrides to maintain environment-specific security profiles
Hardening a .NET API against XSS, clickjacking, and MIME-sniffing attacks
Managing cross-origin access for modern frontend SPAs and administrative dashboards