ricardo/BCards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: ricardo:Release/ArtigosPDF
Branches Tags
ricardo:main
ricardo:Release/ajuda-console
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login
...
pull from: ricardo:main
Branches Tags
ricardo:Release/ajuda-console
ricardo:main
ricardo:Release/ajustes-headers
ricardo:Release/ArtigosPDF
ricardo:Release/support
ricardo:Release/versao1
ricardo:feat/plano-rodape
ricardo:feat/live-preview
ricardo:Release/V0.0.3
ricardo:feat/ajustes-layout
ricardo:feat/link-produto-login

6 Commits
Release/Ar ... main

Author SHA1 Message Date
ricardo
7c0d91c68e Merge pull request 'Release/ajustes-headers' (#23) from Release/ajustes-headers into main
All checks were successful
BCards Deployment Pipeline / Run Tests (push) Successful in 3s
Details
BCards Deployment Pipeline / PR Validation (push) Has been skipped
Details
BCards Deployment Pipeline / Build and Push Image (push) Successful in 11m3s
Details
BCards Deployment Pipeline / Deploy to Release Swarm (ARM) (push) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Production (ARM - OCI) (push) Successful in 1m8s
Details
BCards Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Details
BCards Deployment Pipeline / Deployment Summary (push) Successful in 0s
Details 
Reviewed-on: https://git.carneiro.ddnsfree.com/ricardo/BCards/pulls/23
 2026-01-06 00:38:46 +00:00
Ricardo Carneiro
98709256ea feat: headers
All checks were successful
BCards Deployment Pipeline / Run Tests (push) Successful in 8s
Details
BCards Deployment Pipeline / PR Validation (push) Has been skipped
Details
BCards Deployment Pipeline / Build and Push Image (push) Successful in 12m20s
Details
BCards Deployment Pipeline / Deploy to Production (ARM - OCI) (push) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Release Swarm (ARM) (push) Successful in 1m1s
Details
BCards Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Details
BCards Deployment Pipeline / Deployment Summary (push) Successful in 0s
Details
BCards Deployment Pipeline / Run Tests (pull_request) Successful in 6s
Details
BCards Deployment Pipeline / PR Validation (pull_request) Successful in 0s
Details
BCards Deployment Pipeline / Build and Push Image (pull_request) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Production (ARM - OCI) (pull_request) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Release Swarm (ARM) (pull_request) Has been skipped
Details
BCards Deployment Pipeline / Cleanup Old Resources (pull_request) Has been skipped
Details
BCards Deployment Pipeline / Deployment Summary (pull_request) Successful in 0s
Details
2025-12-30 17:26:46 -03:00
Ricardo Carneiro
a7cbba5c38 Merge branch 'main' of https://git.carneiro.ddnsfree.com/ricardo/BCards 2025-12-30 17:25:20 -03:00
ricardo
cf17fd8464 Merge pull request 'Release/ArtigosPDF' (#22) from Release/ArtigosPDF into main
All checks were successful
BCards Deployment Pipeline / Run Tests (push) Successful in 6s
Details
BCards Deployment Pipeline / PR Validation (push) Has been skipped
Details
BCards Deployment Pipeline / Build and Push Image (push) Successful in 40m2s
Details
BCards Deployment Pipeline / Deploy to Release Swarm (ARM) (push) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Production (ARM - OCI) (push) Successful in 1m13s
Details
BCards Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Details
BCards Deployment Pipeline / Deployment Summary (push) Successful in 1s
Details 
Reviewed-on: http://git.carneiro.ddnsfree.com/ricardo/BCards/pulls/22
 2025-11-29 23:01:42 +00:00
Ricardo Carneiro
4e97efc160 fix: XSS 2025-11-16 14:16:57 -03:00
ricardo
241ca3560d Merge pull request 'Release/ArtigosPDF' (#21) from Release/ArtigosPDF into main
All checks were successful
BCards Deployment Pipeline / Run Tests (push) Successful in 6s
Details
BCards Deployment Pipeline / PR Validation (push) Has been skipped
Details
BCards Deployment Pipeline / Build and Push Image (push) Successful in 7m26s
Details
BCards Deployment Pipeline / Deploy to Release Swarm (ARM) (push) Has been skipped
Details
BCards Deployment Pipeline / Deploy to Production (ARM - OCI) (push) Successful in 1m5s
Details
BCards Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Details
BCards Deployment Pipeline / Deployment Summary (push) Successful in 0s
Details 
Reviewed-on: http://git.carneiro.ddnsfree.com/ricardo/BCards/pulls/21
 2025-11-07 14:55:48 +00:00
1 changed files with 17 additions and 1 deletions
Show Stats Expand all files Collapse all files

18
src/BCards.Web/Program.cs
View File

@ -581,7 +581,10 @@ builder.Services.AddHsts(options =>
var app = builder.Build(); var app = builder.Build();
app.UseForwardedHeaders(); app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
if (!app.Environment.IsDevelopment()) if (!app.Environment.IsDevelopment())
{ {
@ -607,6 +610,19 @@ app.Use(async (context, next) =>
context.Response.Headers.Append("Referrer-Policy", "no-referrer"); context.Response.Headers.Append("Referrer-Policy", "no-referrer");
context.Response.Headers.Append("Permissions-Policy", "camera=(), microphone=(), geolocation=()"); context.Response.Headers.Append("Permissions-Policy", "camera=(), microphone=(), geolocation=()");
// Content Security Policy - Protects against XSS attacks
var csp = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://code.jquery.com https://cdn.jsdelivr.net/npm/bootstrap@5.3.2 https://accounts.google.com https://apis.google.com; " +
"style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap@5.3.2; " +
"img-src 'self' data: https: blob:; " +
"font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; " +
"connect-src 'self' https://accounts.google.com https://apis.google.com https://login.microsoftonline.com; " +
"frame-src 'self' https://accounts.google.com https://login.microsoftonline.com; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"form-action 'self'";
context.Response.Headers.Append("Content-Security-Policy", csp);
// Load balancer e debugging headers // Load balancer e debugging headers
context.Response.Headers.Append("X-Server-ID", Environment.MachineName); context.Response.Headers.Append("X-Server-ID", Environment.MachineName);
context.Response.Headers.Append("X-Instance-ID", $"{Environment.MachineName}-{Environment.ProcessId}"); context.Response.Headers.Append("X-Instance-ID", $"{Environment.MachineName}-{Environment.ProcessId}");