diff --git a/src/Altinn.Broker.API/Helpers/SecurityHeadersMiddleware.cs b/src/Altinn.Broker.API/Helpers/SecurityHeadersMiddleware.cs
new file mode 100644
index 00000000..6c47051d
--- /dev/null
+++ b/src/Altinn.Broker.API/Helpers/SecurityHeadersMiddleware.cs
@@ -0,0 +1,19 @@
+using Microsoft.Extensions.Primitives;
+
+public class SecurityHeadersMiddleware
+{
+ private readonly RequestDelegate _next;
+
+ public SecurityHeadersMiddleware(RequestDelegate next)
+ {
+ _next = next;
+ }
+
+ public async Task InvokeAsync(HttpContext context)
+ {
+ context.Response.Headers.Append("X-Content-Type-Options", new StringValues("nosniff"));
+ context.Response.Headers.Append("Cache-Control", new StringValues("no-store"));
+
+ await _next(context);
+ }
+}
\ No newline at end of file
diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs
index 3fdbd740..1e89ff5a 100644
--- a/src/Altinn.Broker.API/Program.cs
+++ b/src/Altinn.Broker.API/Program.cs
@@ -69,6 +69,7 @@ static void BuildAndRun(string[] args)
 var app = builder.Build();
 app.UseMiddleware();
+ app.UseMiddleware();
 app.UseSerilogRequestLogging();
 if (app.Environment.IsDevelopment())
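Review bot: Both headers in `InvokeAsync` are written with `Headers.Append` before `await _next(context)`, so they are only an initial value. `Append` adds to whatever value is already present instead of replacing it, and any later component that clears or resets the response headers (an exception handler commonly does, if one is registered) would send its response without `nosniff`. Assigning them with the indexer inside `context.Response.OnStarting` applies them just before the headers are flushed, on every response path. That also makes `no-store` override any endpoint-specific cache policy, which looks like the intent here but is worth confirming.

```csharp
public async Task InvokeAsync(HttpContext context)
{
    context.Response.OnStarting(() =>
    {
        context.Response.Headers["X-Content-Type-Options"] = "nosniff";
        context.Response.Headers["Cache-Control"] = "no-store";
        return Task.CompletedTask;
    });

    await _next(context);
}
```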
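Review bot: The new registration is placed after the existing `app.UseMiddleware` call, so any response that the earlier middleware produces without calling the next delegate would go out without `X-Content-Type-Options` and `Cache-Control: no-store`. The type arguments are not visible on this page, so whether that earlier middleware can short-circuit is an assumption to confirm. If it can, registering the security-headers middleware first, directly after `builder.Build()`, covers those responses as well. A comment such as `// Keep first: short-circuited responses must also carry the security headers` would stop the ordering from drifting later. `BuildAndRun` starts and ends outside the hunk.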