Response headers allow list API

The response headers allow list API makes it possible to add domains to the Content-Security-Policy and Permissions-Policy headers and alter the value of the Cross-Origin headers while developing modules.

The API works only with Sitefinity CMS modules and static blob storage providers that implement the IHttpSecurityHeadersProvider interface.

The interface has the GetHeaders method where a list with headers can be added.

For the Content-Security-Policy and Permissions-Policy you can only add new domains via the API, while for the Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy you can only override the values of these headers if the values you introduce with the API are less strict than the values configured in the project.

Sample implementation

This is a sample implementation of the API without the context of the module it is incorporated in.

Want to learn more?

Sign up for our free beginner training. Boost your credentials through advanced courses and certification.
Register for Sitefinity training and certification.

Was this article helpful?