release 2.2.0, fixed security headers

damienbod · damienbod · commit bb220f463e49 · 2023-11-03T10:27:11.000+01:00
diff --git a/Changelog.md b/Changelog.md
@@ -2,6 +2,11 @@
 
 [Readme](https://github.com/damienbod/Blazor.BFF.AzureB2C.Template/blob/main/README.md) 
 
+**2023-11-03** 2.2.0
+- Fix XSS block security header
+- Updated packages
+
+
 **2023-06-21** 2.1.0
 - Switched to Graph SDK 5
 - Updated packages
diff --git a/README.md b/README.md
@@ -198,7 +198,7 @@ nuget pack content/Blazor.BFF.AzureB2C.Template.nuspec
 Locally built nupkg:
 
 ```
-dotnet new install Blazor.BFF.AzureB2C.Template.2.1.0.nupkg
+dotnet new install Blazor.BFF.AzureB2C.Template.2.2.0.nupkg
 ```
 
 Local folder:
diff --git a/content/Blazor.BFF.AzureB2C.Template.nuspec b/content/Blazor.BFF.AzureB2C.Template.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
 	<metadata>
 		<id>Blazor.BFF.AzureB2C.Template</id>
-		<version>2.1.0</version>
+		<version>2.2.0</version>
 		<title>Blazor.BFF.AzureB2C.Template</title>
 		<license type="file">LICENSE</license>
 		<description>Blazor BFF template for WASM ASP.NET Core hosted</description>
@@ -15,7 +15,7 @@
 		<requireLicenseAcceptance>false</requireLicenseAcceptance>
 		<copyright>2023 damienbod</copyright>
 		<summary>This template provides a simple Blazor template with BFF server authentication WASM hosted</summary>
-		<releaseNotes>Updated to Graph SDK 5, updated packages</releaseNotes>
+		<releaseNotes>Fixed XSS block security header, updated packages</releaseNotes>
 		<repository type="git" url="https://github.com/damienbod/Blazor.BFF.AzureB2C.Template" />
 		<packageTypes>
 			<packageType name="Template" />
diff --git a/content/BlazorBffAzureB2C/Client/BlazorBffAzureB2C.Client.csproj b/content/BlazorBffAzureB2C/Client/BlazorBffAzureB2C.Client.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="7.0.7" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="7.0.7" PrivateAssets="all" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="7.0.13" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.DevServer" Version="7.0.13" PrivateAssets="all" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="7.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" Version="7.0.13" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/content/BlazorBffAzureB2C/Server/BlazorBffAzureB2C.Server.csproj b/content/BlazorBffAzureB2C/Server/BlazorBffAzureB2C.Server.csproj
@@ -12,12 +12,12 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="7.0.7" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.7" NoWarn="NU1605" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="2.12.4" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.12.4" />
-    <PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="2.12.4" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.19.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="7.0.13" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="7.0.13" NoWarn="NU1605" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="2.15.3" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.15.3" />
+    <PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="2.15.3" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="0.21.0" />
   </ItemGroup>
 
 </Project>
diff --git a/content/BlazorBffAzureB2C/Server/SecurityHeadersDefinitions.cs b/content/BlazorBffAzureB2C/Server/SecurityHeadersDefinitions.cs
@@ -13,7 +13,6 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, strin
 
         var policy = new HeaderPolicyCollection()
             .AddFrameOptionsDeny()
-            .AddXssProtectionBlock()
             .AddContentTypeOptionsNoSniff()
             .AddReferrerPolicyStrictOriginWhenCrossOrigin()
             .AddCrossOriginOpenerPolicy(builder => builder.SameOrigin())
