From d845cd13c011a41711f54a1ee0f539a96e8fc2c4 Mon Sep 17 00:00:00 2001 From: MacAdam Date: Tue, 31 Oct 2023 17:12:37 -0400 Subject: [PATCH 1/2] Add headers --- messaging/Controllers/SteveCapStmtController.cs | 1 - messaging/Services/ConvertToIJEBackgroundWork.cs | 4 ---- messaging/Startup.cs | 9 +++++++++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/messaging/Controllers/SteveCapStmtController.cs b/messaging/Controllers/SteveCapStmtController.cs index d529142..a4eefc8 100644 --- a/messaging/Controllers/SteveCapStmtController.cs +++ b/messaging/Controllers/SteveCapStmtController.cs @@ -14,7 +14,6 @@ namespace messaging.Controllers [ApiController] public class SteveCapabilityStatement : CapabilityStatement { - private readonly ApplicationDbContext _context; protected readonly ILogger _logger; public SteveCapabilityStatement(ILogger logger, ApplicationDbContext context) : base(logger, context) diff --git a/messaging/Services/ConvertToIJEBackgroundWork.cs b/messaging/Services/ConvertToIJEBackgroundWork.cs index 7adeb83..cb64035 100644 --- a/messaging/Services/ConvertToIJEBackgroundWork.cs +++ b/messaging/Services/ConvertToIJEBackgroundWork.cs @@ -132,10 +132,6 @@ private IncomingMessageLog LatestMessageByNCHSId(string NCHSIdentifier) return this._context.IncomingMessageLogs.Where(l => l.NCHSIdentifier == NCHSIdentifier).OrderBy(l => l.MessageTimestamp).LastOrDefault(); } - private bool IncomingMessageItemExists(long id) - { - return this._context.IncomingMessageItems.Any(e => e.Id == id); - } } } } diff --git a/messaging/Startup.cs b/messaging/Startup.cs index 0d4e9f6..8edf18b 100644 --- a/messaging/Startup.cs +++ b/messaging/Startup.cs 
@@ -55,6 +55,15 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerF
 {
 app.UseHttpLogging();
 app.UseHttpsRedirection();
+ app.Use(async (context, next) =>
+ {
+ context.Response.Headers.Add("Content-Type", "application/json");
+ context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+ context.Response.Headers.Add("X-XSS-Protection", "1;mode=block");
+ context.Response.Headers.Add("Cache-Control", "no-cache");
+ context.Response.Headers.Add("Content-Security-Policy", "default-src");
+ await next.Invoke();
+ });
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
From 517d98261826fc697598c0751679145ad98135d4 Mon Sep 17 00:00:00 2001
From: MacAdam
Date: Tue, 31 Oct 2023 20:47:59 -0400
Subject: [PATCH 2/2] Change to no store

---
 messaging/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messaging/Startup.cs b/messaging/Startup.cs
index 8edf18b..97633ba 100644
--- a/messaging/Startup.cs
+++ b/messaging/Startup.cs
@@ -60,7 +60,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerF
 context.Response.Headers.Add("Content-Type", "application/json");
 context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
 context.Response.Headers.Add("X-XSS-Protection", "1;mode=block");
- context.Response.Headers.Add("Cache-Control", "no-cache");
+ context.Response.Headers.Add("Cache-Control", "no-store");
 context.Response.Headers.Add("Content-Security-Policy", "default-src");
 await next.Invoke();
 });
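Review bot: In the first Startup.cs hunk (PATCH 1/2), `Content-Security-Policy` is sent as a bare `default-src` with no source expression and `X-XSS-Protection` is set to `1;mode=block`, which current hardening guidance no longer recommends. For a JSON-only API, state the intent explicitly and switch the legacy auditor off: `context.Response.Headers["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'";` and `context.Response.Headers["X-XSS-Protection"] = "0";`. `Headers.Add` throws when the key is already present, so the indexer (or `Append`) is safer throughout this lambda, including the `Cache-Control` line that PATCH 2/2 rewrites. Forcing `Content-Type: application/json` on every response together with `nosniff` presumably relies on downstream handlers overwriting it for non-JSON bodies, so that line is probably better dropped. `Configure` continues past the end of the hunk, so the ordering relative to later middleware is not visible here.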