Merge pull request #35 from damienbod/dev

damienbod · web-flow · commit 916c9c871dc4 · 2023-03-12T08:58:34.000+01:00
Fix security headers, use on app requests including API calls
diff --git a/Changelog.md b/Changelog.md
@@ -2,6 +2,10 @@
 
 [Readme](https://github.com/damienbod/Blazor.BFF.AzureB2C.Template/blob/main/README.md) 
 
+**2023-03-12** 2.0.2
+- Fix security headers, use on app requests including API calls
+- Updated packages
+
 **2023-01-15** 2.0.1
 - Updated packages
 - Improved Microsoft Graph client 
diff --git a/README.md b/README.md
@@ -198,7 +198,7 @@ nuget pack content/Blazor.BFF.AzureB2C.Template.nuspec
 Locally built nupkg:
 
 ```
-dotnet new -i Blazor.BFF.AzureB2C.Template.2.0.1.nupkg
+dotnet new -i Blazor.BFF.AzureB2C.Template.2.0.2.nupkg
 ```
 
 Local folder:
diff --git a/content/Blazor.BFF.AzureB2C.Template.nuspec b/content/Blazor.BFF.AzureB2C.Template.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
 	<metadata>
 		<id>Blazor.BFF.AzureB2C.Template</id>
-		<version>2.0.1</version>
+		<version>2.0.2</version>
 		<title>Blazor.BFF.AzureB2C.Template</title>
 		<license type="file">LICENSE</license>
 		<description>Blazor BFF template for WASM ASP.NET Core hosted</description>
@@ -15,7 +15,7 @@
 		<requireLicenseAcceptance>false</requireLicenseAcceptance>
 		<copyright>2023 damienbod</copyright>
 		<summary>This template provides a simple Blazor template with BFF server authentication WASM hosted</summary>
-		<releaseNotes>Updated to .NET 7, Improved MS Graph client</releaseNotes>
+		<releaseNotes>Updated to .NET 7, updated security headers</releaseNotes>
 		<repository type="git" url="https://github.com/damienbod/Blazor.BFF.AzureB2C.Template" />
 		<packageTypes>
 			<packageType name="Template" />
diff --git a/content/BlazorBffAzureB2C/Client/BlazorBffAzureB2C.Client.csproj b/content/BlazorBffAzureB2C/Client/BlazorBffAzureB2C.Client.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="7.0.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="7.0.2" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="7.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="7.0.3" PrivateAssets="all" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="7.0.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="7.0.3" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/content/BlazorBffAzureB2C/Server/BlazorBffAzureB2C.Server.csproj b/content/BlazorBffAzureB2C/Server/BlazorBffAzureB2C.Server.csproj
@@ -12,11 +12,11 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="7.0.2" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.2" NoWarn="NU1605" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="1.25.10" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="1.25.10" />
-    <PackageReference Include="Microsoft.Identity.Web.MicrosoftGraph" Version="1.25.10" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="7.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.3" NoWarn="NU1605" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="2.5.0" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.5.0" />
+    <PackageReference Include="Microsoft.Identity.Web.MicrosoftGraph" Version="2.5.0" />
     <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.18.0" />
   </ItemGroup>
 
diff --git a/content/BlazorBffAzureB2C/Server/SecurityHeadersDefinitions.cs b/content/BlazorBffAzureB2C/Server/SecurityHeadersDefinitions.cs
@@ -64,6 +64,8 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
             policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365);
         }
 
+        policy.ApplyDocumentHeadersToAllResponses();
+
         return policy;
     }
 }
diff --git a/content/LICENSE b/content/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 damienbod
+Copyright (c) 2023 damienbod
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,8 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin`
`64`	`64`	`policy.AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: 60 * 60 * 24 * 365);`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ policy.ApplyDocumentHeadersToAllResponses();`
	`68`	`+`
`67`	`69`	`return policy;`
`68`	`70`	`}`
`69`	`71`	`}`