Response headers allow list API

The response headers allow list API makes it possible to add domains to the Content-Security-Policy and Permissions-Policy headers and alter the value of the Cross-Origin headers while developing modules.

The API works only with Sitefinity CMS modules and static blob storage providers that implement the IHttpSecurityHeadersProvider interface.

The interface defines the GetHeaders method, which is where you supply the list of headers.

For the Content-Security-Policy and Permissions-Policy headers, you can only add new domains via the API. For the Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy headers, you can only override the values, and only if the values you introduce with the API are less strict than the values configured in the project.
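
The two rules above, modeled in plain C# as an added example: this is not Sitefinity code and does not use IHttpSecurityHeadersProvider, and the class and method names are hypothetical. It assumes Sitefinity ranks Cross-Origin values in the strictness order the header specifications define, and that domains are added to a directive already present in the configured policy.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added illustration, not Sitefinity code: models the two rules stated above.
static class HeaderAllowListModel
{
    // Values ordered from least to most strict, per the header specifications.
    // Assumption: Sitefinity compares strictness in this same order.
    static readonly Dictionary<string, string[]> Strictness = new Dictionary<string, string[]>
    {
        ["Cross-Origin-Embedder-Policy"] = new[] { "unsafe-none", "credentialless", "require-corp" },
        ["Cross-Origin-Opener-Policy"] = new[] { "unsafe-none", "same-origin-allow-popups", "same-origin" },
        ["Cross-Origin-Resource-Policy"] = new[] { "cross-origin", "same-site", "same-origin" },
    };

    // Cross-Origin rule: the module value wins only when it is less strict than the project value.
    public static string ResolveCrossOrigin(string header, string configured, string requested)
    {
        var order = Strictness[header];
        int c = Array.IndexOf(order, configured), r = Array.IndexOf(order, requested);
        if (c < 0 || r < 0) throw new ArgumentException("Unknown value for " + header);
        return r < c ? requested : configured;
    }

    // CSP rule: sources are only appended to a directive; nothing already configured is removed.
    public static string AddCspSources(string configuredPolicy, string directive, params string[] sources)
    {
        var directives = configuredPolicy.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(d => d.Trim().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries).ToList())
            .Where(d => d.Count > 0).ToList();
        var target = directives.FirstOrDefault(d => d[0].Equals(directive, StringComparison.OrdinalIgnoreCase));
        // Creating a missing directive would stop default-src from applying to it, so refuse.
        if (target == null) throw new InvalidOperationException(directive + " is not in the configured policy");
        foreach (var s in sources)
            if (!target.Skip(1).Contains(s, StringComparer.Ordinal)) target.Add(s);
        return string.Join("; ", directives.Select(d => string.Join(" ", d)));
    }

    static void Main()
    {
        // Constructed project values and module requests.
        Console.WriteLine(ResolveCrossOrigin("Cross-Origin-Opener-Policy", "same-origin", "same-origin-allow-popups"));
        Console.WriteLine(ResolveCrossOrigin("Cross-Origin-Resource-Policy", "same-site", "same-origin"));
        Console.WriteLine(AddCspSources("default-src 'self'; script-src 'self'", "script-src", "https://cdn.example.com"));
    }
}
```

The second call keeps the configured value because the module asked for a stricter one. A check like this fits in a module's unit tests, where it flags header values that the stated rule would not let through.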

Sample implementation

This is a sample implementation of the API without the context of the module it is incorporated in.
