如何在.net Core 2.0中删除x-powered-by标头 [英] How to remove x-powered-by header in .net core 2.0
本文介绍了如何在.net Core 2.0中删除x-powered-by标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我尝试使用此中间件:
public class SecurityHeadersMiddleware
{
private readonly RequestDelegate next;
public SecurityHeadersMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context)
{
context.Response.OnStarting(state =>
{
var ctx = (HttpContext)state;
if (!ctx.Response.Headers.ContainsKey("Arr-Disable-Session-Affinity"))
{
ctx.Response.Headers.Add("Arr-Disable-Session-Affinity", "True"); // Disables the Azure ARRAffinity cookie
}
if (ctx.Response.Headers.ContainsKey("Server"))
{
ctx.Response.Headers.Remove("Server"); // For security reasons
}
if (ctx.Response.Headers.ContainsKey("x-powered-by") || ctx.Response.Headers.ContainsKey("X-Powered-By"))
{
ctx.Response.Headers.Remove("x-powered-by");
ctx.Response.Headers.Remove("X-Powered-By");
}
if (!ctx.Response.Headers.ContainsKey("X-Frame-Options"))
{
ctx.Response.Headers.Add("X-Frame-Options", "DENY");
}
return Task.FromResult(0);
}, context);
await next(context);
}
}
x-powered-by仍然在响应标头中,该标头显示为asp.net
x-powered-by is still there in response header which says asp.net
推荐答案
- 除了@Brando Zhang答案之外,要删除"Server:Kestrel"来自响应标头:
-.NET Core 1
-.NET Core 1
var host = new WebHostBuilder()
.UseKestrel(c => c.AddServerHeader = false)
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
-NET Core 2
-NET Core 2
WebHost.CreateDefaultBuilder(args)
.UseKestrel(c => c.AddServerHeader = false)
.UseStartup<Startup>()
.Build();
这篇关于如何在.net Core 2.0中删除x-powered-by标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文